Automatic Detection and Bypassing of Anti-Debugging Techniques for Microsoft Windows Environments
In spite of recent remarkable advances in binary code analysis, adversaries are still using diverse anti-reversing techniques for obfuscating code and making analysis difficult. Unlike most of the previous work that relies on debugger-plugins for neutralizing anti-debugging techniques, we focus on...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Stefan cel Mare University of Suceava
2019-05-01
|
Series: | Advances in Electrical and Computer Engineering |
Subjects: | |
Online Access: | http://dx.doi.org/10.4316/AECE.2019.02003 |
Summary: | In spite of recent remarkable advances in binary code analysis, adversaries are still using diverse anti-reversing
techniques for obfuscating code and making analysis difficult. Unlike most of the previous work that relies on
debugger-plugins for neutralizing anti-debugging techniques, we focus on the Pin, which is one of the most
widely used DBI (Dynamic Binary Instrumentation) tools in 80x86 environments. In this paper, we present an
automatic anti-debugging detection/bypassing scheme using the Pin. In order to evaluate the effectiveness
of our algorithm, we conducted experiments on 17 most widely used (commercial) protectors, which results
in bypassing all anti-debugging techniques automatically. Particularly, our experiment includes Safengine,
which is one of the most complex commercial protectors and, to the best of our knowledge, it has not been
successfully analyzed by academic researchers up to now. Also, experimental results show that the proposed
scheme performs better than the most recent work, Apate. |
---|---|
ISSN: | 1582-7445 1844-7600 |