Exetools > General > Source Code
07-05-2016, 19:14
sh3dow (Family; Join Date: Oct 2014; Posts: 158)
anti-analysis-tricks

Bunch of techniques potentially used by malware to detect analysis environments
Content

After some years, I decided to release this code to the community. This material was prepared for training courses given at several security conferences, namely NoConName 2011, RootedCON 2013, and Hack in Paris 2013.

Preparation

There is a toy GUI (baseProject) used to test each of the tricks individually. Each trick is implemented as an ASM macro. At the beginning, this macro is invoked and the detection result is stored in a variable which is later tested. You need to comment/uncomment the include of the trick you wish to test, and then compile the executable each time. Some tricks may need further modifications; you will find the required instructions in each file.

The main purpose of this project is to test how each anti-analysis trick can be overridden. A brief description of the technique is written in the first lines of each file.

Dependencies

You will need to install the RadASM IDE (https://fbedit.svn.sourceforge.net/svnroot/fbedit/RadASM30/Release/RadASM.zip, plus its MASM dependencies) and the MASM32 SDK compiler (http://www.masm32.com/download.htm).

Repository: https://github.com/ricardojrdez/anti-analysis-tricks
Tags
anti-analysis, anti-reverse engineering