Anti-debugging techniques (p. 2)
Handling OD (OllyDbg) detection (p. 2)
1. Window class name and window name (p. 3)
2. Detecting debugger processes (p. 4)
3. Whether the parent process is Explorer (p. 5)
4. RDTSC / GetTickCount time-sensitive code sections (p. 7)
5. StartupInfo structure (p. 7)
6. BeingDebugged (p. 9)
7. PEB.NtGlobalFlag, Heap.HeapFlags, Heap.ForceFlags (p. 10)
8. DebugPort: CheckRemoteDebuggerPresent() / NtQueryInformationProcess() (p. 11)
9. SetUnhandledExceptionFilter / Debugger Interrupts (p. 13)
10. Trap Flag single-step exception (p. 15)
11. SeDebugPrivilege process privilege (p. 16)
12. DebugObject: NtQueryObject() (p. 17)
13. OllyDbg: Guard Pages (p. 18)
14. Software Breakpoint Detection (p. 19)
15. Hardware Breakpoints (p. 21)
16. Patching Detection / Code Checksum Calculation (patch detection, code checksum) (p. 23)
17. BlockInput: blocking keyboard and mouse input (p. 24)
18. EnableWindow: disabling windows (p. 24)
19. ThreadHideFromDebugger (p. 25)
20. Disabling Breakpoints (disabling hardware breakpoints) (p. 27)
21. OllyDbg: OutputDebugString() Format String Bug (p. 28)
22. TLS Callbacks (p. 29)
Anti-anti-debugging techniques (p. 32)