Automatic Detection and Bypassing of Anti-Debugging Techniques for Microsoft Windows Environments

In spite of recent remarkable advances in binary code analysis, adversaries are still using diverse anti-reversing techniques for obfuscating code and making analysis difficult. Unlike most of the previous work, which relies on debugger plugins for neutralizing anti-debugging techniques, we focus on Pin, one of the most widely used DBI (Dynamic Binary Instrumentation) tools in 80x86 environments. In this paper, we present an automatic anti-debugging detection/bypassing scheme built on Pin. In order to evaluate the effectiveness of our algorithm, we conducted experiments on 17 of the most widely used (commercial) protectors, and the scheme bypassed all of their anti-debugging techniques automatically. In particular, our experiments include Safengine, which is one of the most complex commercial protectors and, to the best of our knowledge, has not been successfully analyzed by academic researchers up to now. Experimental results also show that the proposed scheme performs better than the most recent related work, Apate.

Main Authors: | PARK, J.; JANG, Y.-H.; HONG, S.; PARK, Y. |
---|---|
Format: | Article |
Language: | English |
Published: | Stefan cel Mare University of Suceava, 2019-05-01 |
Series: | Advances in Electrical and Computer Engineering |
ISSN: | 1582-7445; 1844-7600 |
Subjects: | computer hacking; computer security; debugging; reverse engineering; software protection |
Online Access: | http://dx.doi.org/10.4316/AECE.2019.02003 |
Source: | DOAJ |