
ThomasThelen / Anti-Debugging

Licence: MIT license
A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.

Programming Languages

C++
36643 projects - #6 most used programming language
CMake
9771 projects

Projects that are alternatives of or similar to Anti-Debugging

Antidebugging
A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
Stars: ✭ 161 (-45.79%)
Mutual labels:  debugging, virus, malware, malware-analysis, malware-research, cracking
MalwareDatabase
Malware samples for analysis, researchers, anti-virus and system protection testing.(1300+ Malware-samples!)
Stars: ✭ 21 (-92.93%)
Mutual labels:  virus, malware, malware-analysis, malware-research
Malware-Sample-Sources
Malware Sample Sources
Stars: ✭ 214 (-27.95%)
Mutual labels:  virus, malware, malware-analysis, malware-research
malware-writeups
Personal research and publication on malware families
Stars: ✭ 104 (-64.98%)
Mutual labels:  malware, malware-analysis, malware-research, malware-development
Malware Feed
Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (-76.77%)
Mutual labels:  malware, malware-analysis, malware-research
Malware Analysis Scripts
Collection of scripts for different malware analysis tasks
Stars: ✭ 61 (-79.46%)
Mutual labels:  malware, malware-analysis, malware-research
Malware-Zoo
Hashes of infamous malware
Stars: ✭ 18 (-93.94%)
Mutual labels:  malware, malware-analysis, malware-research
awesome-executable-packing
A curated list of awesome resources related to executable packing
Stars: ✭ 720 (+142.42%)
Mutual labels:  malware, malware-analysis, malware-research
Fame
FAME Automates Malware Evaluation
Stars: ✭ 663 (+123.23%)
Mutual labels:  malware, malware-analysis, malware-research
Pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
Stars: ✭ 2,026 (+582.15%)
Mutual labels:  malware, malware-analysis, malware-research
VX-API
Collection of various malicious functionality to aid in malware development
Stars: ✭ 904 (+204.38%)
Mutual labels:  malware, malware-research, malware-development
Pwndbg
Exploit Development and Reverse Engineering with GDB Made Easy
Stars: ✭ 4,178 (+1306.73%)
Mutual labels:  debugging, malware, malware-analysis
Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (-5.39%)
Mutual labels:  malware, malware-analysis, malware-research
Thezoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Stars: ✭ 7,849 (+2542.76%)
Mutual labels:  malware, malware-analysis, malware-research
Malice
VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253 (+321.89%)
Mutual labels:  malware, malware-analysis, malware-research
Yargen
yarGen is a generator for YARA rules
Stars: ✭ 795 (+167.68%)
Mutual labels:  malware, malware-analysis, malware-research
Threat Hunting
Personal compilation of APT malware from whitepaper releases, documents and own research
Stars: ✭ 219 (-26.26%)
Mutual labels:  malware, malware-analysis, malware-research
Multiscanner
Modular file scanning/analysis framework
Stars: ✭ 494 (+66.33%)
Mutual labels:  malware, malware-analysis, malware-research
Malware Samples
A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net
Stars: ✭ 565 (+90.24%)
Mutual labels:  malware, malware-analysis, malware-research
ConTroll Remote Access Trojan
Created a VERY SIMPLE remote access Trojan that will establish administrative control over any windows machine it compromises.
Stars: ✭ 69 (-76.77%)
Mutual labels:  virus, malware, malware-development

Project Status: Active – The project has reached a stable, usable state and is being actively developed.

This repository hosts code that shows some of the trivial ways to detect the presence of a debugger in Windows applications. More thorough resources can be found in other GitHub repositories and in Peter Ferrie's "The Ultimate Anti-Debugging Reference". The examples are organized by functionality.

Building

To build the project, run the following from the build/ directory.

cmake ../
cmake --build .

The ReadTEB example uses inline __asm, which the x64 compiler doesn't support, so it is excluded from the build.

Checking Within Processes

These are some checks that can be run from within the source of an application.

IsDebuggerPresent - Basic Win32 API call to check for the presence of a debugger

OutputDebugString - Use the Win32 API to try to communicate with a potentially attached debugger

FindWindow - Use the Win32 API to search for debugger windows

ReadTEB - A brief look at the internals of IsDebuggerPresent

DebugBreak - A Win32 call that raises a breakpoint exception, which goes unhandled when no debugger is attached.
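As an added example (not code from this repository), the check the ReadTEB item describes, written against the winternl.h TEB/PEB structs instead of __asm so it also builds for x64, next to IsDebuggerPresent, which reads the same BeingDebugged byte. It goes beyond the page by adding the Linux equivalent (the TracerPid field of /proc/self/status) so the block compiles and can be exercised on any platform; parse_tracer_pid and the constructed status text are assumptions of this example.

```cpp
#include <cstdio>
#include <fstream>
#include <sstream>
#include <string>

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>   // TEB/PEB layouts that expose BeingDebugged

// What IsDebuggerPresent() reads: TEB -> PEB -> BeingDebugged.
// The documented structs make this build on x64, where __asm is unavailable.
static bool peb_being_debugged() {
    PPEB peb = NtCurrentTeb()->ProcessEnvironmentBlock;
    return peb->BeingDebugged != 0;
}
#endif

// Parse "TracerPid:\t<pid>" out of the text of /proc/self/status.
// Returns the tracer's pid, 0 when the process is not traced,
// or -1 when the field is missing (e.g. /proc is not mounted).
long parse_tracer_pid(const std::string& status_text) {
    const std::string key = "TracerPid:";
    std::istringstream in(status_text);
    std::string line;
    while (std::getline(in, line)) {
        if (line.compare(0, key.size(), key) == 0)
            return std::stol(line.substr(key.size()));  // stol skips the tab
    }
    return -1;
}

// Portable "is a debugger attached to this process?" check.
bool is_debugger_present() {
#ifdef _WIN32
    // Both read the same PEB byte; the API call is the documented route.
    return IsDebuggerPresent() != 0 || peb_being_debugged();
#else
    std::ifstream f("/proc/self/status");
    std::stringstream buf;
    buf << f.rdbuf();
    return parse_tracer_pid(buf.str()) > 0;
#endif
}

int main() {
    std::printf("debugger attached: %s\n", is_debugger_present() ? "yes" : "no");
    return 0;
}
```

An analyst stepping the Windows build in a debugger will see both branches agree, which is why patching the PEB byte defeats IsDebuggerPresent and the manual read alike.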

Checking Other Processes

Checking external processes for the presence of an attached debugger.

CheckRemoteDebuggerPresent - IsDebuggerPresent for external processes

References and Other Repositories

Anti Reverse Engineering Protection Techniques to Use Before Releasing Software
