Automatic Detection and Bypassing of Anti-Debugging Techniques for Microsoft Windows Environmentsopen access
- Authors
- Park, Juhyun; Jang, Yun-Hwan; Hong, Soohwa; Park, Yongsu
- Issue Date
- May-2019
- Publisher
- UNIV SUCEAVA, FAC ELECTRICAL ENG
- Keywords
- computer hacking; computer security; debugging; reverse engineering; software protection
- Citation
- ADVANCES IN ELECTRICAL AND COMPUTER ENGINEERING, v.19, no.2, pp.23 - 28
- Indexed
- SCIE
SCOPUS
- Journal Title
- ADVANCES IN ELECTRICAL AND COMPUTER ENGINEERING
- Volume
- 19
- Number
- 2
- Start Page
- 23
- End Page
- 28
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/147847
- DOI
- 10.4316/AECE.2019.02003
- ISSN
- 1582-7445
- Abstract
- In spite of recent remarkable advances in binary code analysis, adversaries are still using diverse anti-reversing techniques for obfuscating code and making analysis difficult. Unlike most of the previous work that relies on debugger-plugins for neutralizing anti-debugging techniques, we focus on the Pin, which is one of the most widely used DBI (Dynamic Binary Instrumentation) tools in 80x86 environments. In this paper, we present an automatic anti-debugging detection/bypassing scheme using the Pin. In order to evaluate the effectiveness of our algorithm, we conducted experiments on 17 most widely used (commercial) protectors, which results in bypassing all anti-debugging techniques automatically. Particularly, our experiment includes Safengine, which is one of the most complex commercial protectors and, to the best of our knowledge, it has not been successfully analyzed by academic researchers up to now. Also, experimental results show that the proposed scheme performs better than the most recent work, Apate.
- Files in This Item
-
- Appears in
Collections - 서울 공과대학 > 서울 컴퓨터소프트웨어학부 > 1. Journal Articles
![qrcode](https://api.qrserver.com/v1/create-qr-code/?size=55x55&data=https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/147847)
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.