• Journal of Internet Computing and Services
    ISSN 2287-1136 (Online) / ISSN 1598-0170 (Print)
    http://jics.or.kr/

An automatic detection scheme of anti-debugging routines to the environment for analysis


Jin-Woo Park, Yong-Su Park, Journal of Internet Computing and Services, Vol. 15, No. 6, pp. 47-54, Dec. 2014
DOI: 10.7472/jksii.2014.15.6.47
Keywords: Anti-debugging, Malware, Instruction trace, API trace, Anti-reversing, Anti-reverse Engineering

Abstract

Anti-debugging is one of the techniques implemented within program code to hinder reverse engineering, so that attackers or analysts cannot use debuggers to analyze the program. The technique has been applied to various programs and is still commonly used in order to prevent malware or malicious code attacks or to protect programs from being analyzed. In this paper, we propose an automatic detection scheme for anti-debugging routines. For the automatic detection, debuggers and a simulator were used to extract trace information on the Application Program Interface (API) as well as on executed instructions. The extracted instructions were then examined and compared to automatically detect the points where suspicious activity was captured as anti-debugging routines. In experiments using this method, the anti-debugging routines of 21 out of the 25 anti-debugging techniques introduced in this paper appear to be detected properly. The technique in the paper is therefore not dependent upon a particular anti-debugging method. As such, the detection technique is expected to also be applicable to anti-debugging techniques that will be developed or discovered in the future.
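
The trace comparison described in the abstract can be illustrated as follows. This is an added example, not the authors' implementation: the trace record format, the look-back window, the function name find_divergence and the sample traces (built around the Windows API IsDebuggerPresent) are all assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Step(NamedTuple):
    addr: int                  # instruction address
    insn: str                  # disassembled instruction text
    api: Optional[str] = None  # API name if this step enters an API call

class Finding(NamedTuple):
    index: int                 # first position where the two traces differ
    branch: Optional[Step]     # last common conditional branch before the split
    api: Optional[str]         # last common API call before the split

def find_divergence(debugged, reference, window=8):
    """Compare two traces of the same program recorded in different
    environments; return a Finding for the first split, or None."""
    common = 0
    for a, b in zip(debugged, reference):
        if a.addr != b.addr:
            break
        common += 1
    if common == len(debugged) == len(reference):
        return None  # identical traces: no environment-dependent behaviour
    # Look back over the shared prefix for the decision that caused the split.
    recent = debugged[max(0, common - window):common]
    branch = next((s for s in reversed(recent)
                   if s.insn.startswith("j") and not s.insn.startswith("jmp")),
                  None)
    api = next((s.api for s in reversed(recent) if s.api), None)
    return Finding(common, branch, api)

# Constructed sample traces (hypothetical addresses and instructions).
PREFIX = [
    Step(0x401000, "push ebp"),
    Step(0x401001, "call [IsDebuggerPresent]", api="IsDebuggerPresent"),
    Step(0x401007, "test eax, eax"),
    Step(0x401009, "jnz 0x401020"),
]
# Recorded under a debugger: the check succeeds and the program exits early.
DEBUGGED = PREFIX + [Step(0x401020, "push 1"),
                     Step(0x401022, "call [ExitProcess]", api="ExitProcess")]
# Recorded in the other environment: execution continues normally.
REFERENCE = PREFIX + [Step(0x40100B, "mov eax, [0x403000]"),
                      Step(0x401010, "ret")]

if __name__ == "__main__":
    print(find_divergence(DEBUGGED, REFERENCE))
```

Because the comparison looks only at where the two executions part ways, it does not need a signature for any particular check, which matches the abstract's claim that the scheme is not tied to one anti-debugging method.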



Cite this article
[APA Style]
Jin-Woo Park and Yong-Su Park (2014). An automatic detection scheme of anti-debugging routines to the environment for analysis. Journal of Internet Computing and Services, 15(6), 47-54. DOI: 10.7472/jksii.2014.15.6.47.

[IEEE Style]
J. Park and Y. Park, "An automatic detection scheme of anti-debugging routines to the environment for analysis," Journal of Internet Computing and Services, vol. 15, no. 6, pp. 47-54, 2014. DOI: 10.7472/jksii.2014.15.6.47.

[ACM Style]
Jin-Woo Park and Yong-Su Park. 2014. An automatic detection scheme of anti-debugging routines to the environment for analysis. Journal of Internet Computing and Services, 15, 6, (2014), 47-54. DOI: 10.7472/jksii.2014.15.6.47.