Questions tagged [anti-debugging]
Any techniques or tricks used to prevent, mitigate or detect an attempt to run the software within a debugging environment.
139 questions
1 vote, 0 answers, 70 views
Why does some anti-debugging/malware do `wmiadap.exe /f /t /r`?
It seems some possibly legit software, but also malware, does wmiadap.exe /f /t /r. Apparently it's part of their anti-debugging attempts. (On Linux some such software I've seen drops a coredump_filter ...
1 vote, 0 answers, 59 views
UPX anti unpacking (upx -d)
To start, I know that there is a post on this platform from 2013 that asked the same question, but since it's been a while, I will ask it again.
A few months back I recall finding a GitHub repo / ...
0 votes, 0 answers, 94 views
Question about anti-debug methods and anti-anti-debug methods
I've come across several binaries that have simple anti-debug methods in place, like checking IsDebuggerPresent(), NtQueryInformationProcess(), etc. But I recently came across a binary that looked ...
1 vote, 0 answers, 85 views
How to develop an anti-debug library which allows users to debug their own programs but not the library?
I'm going to publish a library which is guarded by anti-debug (ptrace_trackme for Linux and isDebuggerPresent for Windows).
The down side of this library is: users would be abled to debug their own ...
2 votes, 0 answers, 73 views
JavaScript: Compare Control Flow (to evade anti-debug and anti-tamper traps)
When reverse engineering obfuscated JavaScript, it may be protected by anti-tamper mechanisms.
I have a script which will work when run untouched, but cause a fatal JavaScript error when run in node ...
3 votes, 0 answers, 360 views
Weird anti-debugging mechanism
I am trying to grasp an anti-debugging trick used in this program. Upon attaching any debugger (x64dbg, VEH debugger) the software crashes after about 2 seconds.
x64dbg shows me that the following ...
-1 votes, 1 answer, 177 views
Anti-patching checksum [closed]
I'm busy with debugging a program in x64dbg and it has some kind of anti-patching mechanism so can someone please advise me on how I would go about finding the functions which are calculating the ...
3 votes, 1 answer, 1k views
VMProtect Anti-debugging method (without WinAPI)
First, sorry for my bad English.
I'm trying to make a VMProtect unpacker with the Unicorn emulator, but one of my samples shows me an anti-debugging message like this:
WTSSendMessageW: "A debugger has been ...
2 votes, 1 answer, 433 views
Windows UI freezes except the debugger itself when a breakpoint is hit in every debugger I tried on a particular application
I'm trying to "trace" (just setting breakpoint, step in, step over to know how certain things work) an application. But if the application enters suspended state by using breakpoint, every ...
0 votes, 1 answer, 266 views
Does that message mean the program has an anti-debugger?
When trying to debug a program using x64dbg, at a specific step, the following problem happens:
Does that mean that the program has an anti-debugger?
If not, why when debugging the program and ...
0 votes, 1 answer, 669 views
How can I detect if my application is running in x64debug?
I am writing my own applications to practice reversing. I want to be able to detect debuggers and change the execution in response.
When building the application, I am easily able to detect it is ...
2 votes, 2 answers, 3k views
How to debug / analyze a Themida protected binary
Background: I have an application that has worked fine up until Windows 10 build 1511 but broke as of build 1607. It produces an access violation:
STACK_TEXT:
03799f54 00f91cfa 24d1ae78 0000000f ...
0 votes, 1 answer, 2k views
How to bypass anti-debugging C++
So I have a crackme my friend sent me to try and crack, but the problem is that I cannot bypass the anti-debugging or even patch it.
I even tried using ScyllaHide at max settings but still it detects ...
1 vote, 1 answer, 466 views
IDA Pro Debugger is debugging the original code and not the patched code
Using IDA Pro, I tried to patch int 2Dh to nop.
However, with the debugger, it seems that the original code is being loaded.
What may be the reason for that? This might be related to some protections?...
0 votes, 0 answers, 760 views
Bypass JavaScript Debug Prevention in Firefox
I've looked around, and can't find an answer for my specific question. The closest I could find was this.
I'm trying to reverse engineer some suspicious JavaScript, but it repeatedly calls a debugger ...