https://www.google.com/search?q=execution+sandbox+debug+tools+ret+jmp+ntglobalflag&client=firefox-b-d&sxsrf=AJOqlzXnPaMUdTk-A-vN0FtPYW784yLI0A%3A1678790200781&ei=OE4QZIqfL5Xi2roPvLOIgAI&oq=execution+sandbox+&gs_lcp=Cgxnd3Mtd2l6LXNlcnAQARgAMgQIIxAnMgQIIxAnMgQIIxAnMgQIABAeMgYIABAIEB4yBggAEAgQHjIICAAQCBAeEA86BAgAEEdKBAhBGABQyQRYyQRg4xtoAHACeACAAUqIAUqSAQExmAEAoAEByAEKwAEB&sclient=gws-wiz-serp
https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software
https://www.codeproject.com/Articles/1090943/Anti-Debug-Protection-Techniques-Implementation-an
https://anti-debug.checkpoint.com/techniques/debug-flags.html
https://blog.csdn.net/fengyunzhongwei/article/details/39160565
https://www.scribd.com/document/413964852/Anti-Debugging-Protection-Techniques-With-Examples-pdf
https://www.google.com/search?q=execution+sandbox+debug+tools+ret+jmp+ntglobalflag+apriorit+&client=firefox-b-d&sxsrf=AJOqlzUyvWu-d6_fkR8cjH7fpbD8LJorGA%3A1678790228836&ei=VE4QZNfQMp2n2roP0fi_4AU&ved=0ahUKEwjXyvf5nNv9AhWdk1YBHVH8D1wQ4dUDCA4&oq=execution+sandbox+debug+tools+ret+jmp+ntglobalflag+apriorit+&gs_lcp=Cgxnd3Mtd2l6LXNlcnAQDDoKCAAQRxDWBBCwAzoICAAQgAQQywE6BAgAEB46BggAEB4QD0oECEEYAFDyAViiHWD8ImgBcAF4AIABiAGIAe8CkgEDMi4ymAEAoAEBoAECyAEKwAEB&sclient=gws-wiz-serp
https://www.google.com/search?client=firefox-b-d&q=executtion+sandbox
IsDebuggerPresent
PEB (Process Environment Block)
How to neutralize the IsDebuggerPresent check
TLS Callback
NtGlobalFlag
How to neutralize the NtGlobalFlag check
NtGlobalFlag and IMAGE_LOAD_CONFIG_DIRECTORY
Heap Flags and ForceFlags
How to neutralize the Heap Flags and ForceFlags checks
Trap Flag Check
How to neutralize the TF check
CheckRemoteDebuggerPresent and NtQueryInformationProcess
How to neutralize CheckRemoteDebuggerPresent and NtQueryInformationProcess
Other techniques of anti-debug protection based on NtQueryInformationProcess
How to neutralize the NtQueryInformationProcess checks
Breakpoints: Software and Hardware ones
SEH (Structured Exception Handling)
How to neutralize SEH checks
VEH (Vectored Exception Handler)
How to neutralize hardware breakpoint check and VEH
NtSetInformationThread – hiding thread from debugger
How to neutralize thread hiding from debugger
NtCreateThreadEx
How to neutralize NtCreateThreadEx
Handle Tracing
Stack Segment Manipulation
HyperDbg: Reinventing Hardware-Assisted Debugging
misc0110.net
https://misc0110.net › files › hyperdbg_ccs22
We describe how the proposed debugger enables transparent debugging of I/O devices, analyses performance of software, and provides means for code coverage.
Windows Anti-Debug Reference
http://www.symantec.com/connect/articles/windows-anti-debug-reference