EventPairs Reversing – EventPairHandle as Anti-Dbg Trick

May 6, 2009

Hi,

I’ve published

EventPairs Reversing – EventPairHandle as Anti-Dbg Trick

The paper is here:

http://evilcry.netsons.org/tuts/EventPairsHandle.pdf

Have a nice read 🙂

Giuseppe ‘Evilcry’ Bonfa’


NtSetDebugFilterState as Anti-Dbg Trick Reverse Engineering

January 9, 2009

Hi,

Here you can download my latest paper on NtSetDebugFilterState, an undocumented API that can be used as an anti-debugging trick.

http://evilcry.netsons.org/tuts/NtSetDebugFilterState.pdf

Have a Nice Read 🙂
Giuseppe 'Evilcry' Bonfa'


Debugger Detection Via NtSystemDebugControl

September 15, 2008

Hi,

NtSystemDebugControl() is a really powerful undocumented function that allows direct manipulation of system structures.

Here is a definition of NtSystemDebugControl:

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Debug/NtSystemDebugControl.html

The use of this function is limited only by the coder's imagination.

I’ve rewritten some basic anti-debugging techniques using direct structure reading via NtSystemDebugControl. Obviously there are shorter ways to implement these anti-debugging apps, but I think that the more reimplementations exist, the more possibilities there are to trick an attacker who may not know or understand the specific trick, especially if it is embedded in a lot of junk code.

Here you can download the Source Code sample:

http://evilcry.netsons.org/other/ntsd.zip

Have a nice Day,
Evilcry