1 post tagged 'UnPack'

  1. 2008.11.19 The Art of Unpacking


Contents

1. INTRODUCTION

2. TECHNIQUES : DEBUGGER DETECTION
  2.1 PEB.BEINGDEBUGGED FLAG: ISDEBUGGERPRESENT
  2.2 PEB.NTGLOBALFLAG, HEAP.HEAPFLAGS, HEAP.FORCEFLAGS
  2.3 DEBUGPORT: CHECKREMOTEDEBUGGERPRESENT() / NTQUERYINFORMATIONPROCESS
  2.4 DEBUGGER INTERRUPTS
  2.5 TIMING CHECKS
  2.6 SEDEBUGPRIVILEGE
  2.7 PARENT PROCESS
  2.8 DEBUGOBJECT: NTQUERYOBJECT
  2.9 DEBUGGER WINDOW
  2.10 DEBUGGER PROCESS
  2.11 DEVICE DRIVERS
  2.12 OLLYDBG: GUARD PAGES

3. TECHNIQUES : BREAKPOINT AND PATCHING DETECTION
  3.1 SOFTWARE BREAKPOINT DETECTION
  3.2 HARDWARE BREAKPOINT DETECTION
  3.3 PATCHING DETECTION VIA CODE CHECKSUM CALCULATION

4. TECHNIQUES : ANTI-ANALYSIS
  4.1 ENCRYPTION AND COMPRESSION
  4.2 GARBAGE CODE AND CODE PERMUTATION
  4.3 ANTI-DISASSEMBLY

5. TECHNIQUES : DEBUGGER ATTACKS
  5.1 MISDIRECTION AND STOPPING EXECUTION VIA EXCEPTIONS
  5.2 BLOCKING INPUT
  5.3 THREADHIDEFROMDEBUGGER
  5.4 DISABLING BREAKPOINTS
  5.5 UNHANDLED EXCEPTION FILTER
  5.6 OLLYDBG: OUTPUTDEBUGSTRING() FORMAT STRING BUG

6. TECHNIQUES : ADVANCED AND OTHER TECHNIQUES
  6.1 PROCESS INJECTION
  6.2 DEBUGGER BLOCKER
  6.3 TLS CALLBACKS
  6.4 STOLEN BYTES
  6.5 API REDIRECTION
  6.6 MULTI-THREADED PACKERS
  6.7 VIRTUAL MACHINES

7. TOOLS
  7.1 OLLYDBG
  7.2 OLLYSCRIPT
  7.3 OLLY ADVANCED
  7.4 OLLYDUMP
  7.5 IMPREC

8. REFERENCES


Source: BeistLab
Posted by skensita