Debugging - Anti-debugging


Anti-debugging is "the implementation of one or more techniques within computer code that hinders attempts at reverse engineering or debugging a target process". It is actively used in legitimate copy-protection schemas, but is also used by malware to complicate its detection and elimination. Techniques used in anti-debugging include:

  • API-based: check for the existence of a debugger using system information
  • Exception-based: check to see if exceptions are interfered with
  • Process and thread blocks: check whether process and thread blocks have been manipulated
  • Modified code: check for code modifications made by a debugger handling software breakpoints
  • Hardware- and register-based: check for hardware breakpoints and CPU registers
  • Timing and latency: check the time taken for the execution of instructions
  • Detecting and penalizing debugger

Read more about this topic:  Debugging