Anti-Debugging
vencedor
2016. 4. 11. 16:38
API BASED ANTI-DEBUGGING
IsDebuggerPresent
CheckRemoteDebuggerPresent
OutputDebugString
FindWindow
Registry Key
NtQueryInformationProcess (ProcessDebugPort)
NtSetInformationThread
Debugger Detaching
Self Debugging with DebugActiveProcess
NtQueryInformationProcess (ProcessDebugObjectHandle)
OllyDbg OutputDebugString() Format String
SeDebugPrivilege OpenProcess
OllyDbg OpenProcess String Detection
OllyDbg Filename Format String
DIRECT PROCESS AND THREAD BLOCK DETECTIONS
IsDebuggerPresent Direct PEB
IsDebuggerPresent Set/Check
NtGlobalFlag
Vista TEB System DLL Pointer
PEB ProcessHeap Flag
Debugger LDR_Module
HARDWARE AND REGISTER BASED DETECTION
Hardware Breakpoints
VMware LDT Register Detection
VMware STR Register Detection
TIMING BASED DETECTIONS
RDTSC
NtQueryPerformanceCounter
GetTickCount
timeGetTime
MODIFIED CODE DETECTION
CRC Checking
EXCEPTION BASED DETECTION
INT 3 Exception (0xCC)
INT 2D (Kernel Debugger Interrupt)
ICE Breakpoint
Single Step Detection
Unhandled Exception Filter
CloseHandle
Control-C
Vectored Exception
Prefix Handling
CMPXCHG8B and LOCK
OllyDbg Memory Breakpoint
VMware Magic Port