Malware often uses various anti-analysis techniques to deceive a disassembler, detect a debugger, or simply make analysis with either tool unbearable. However, these techniques are used not only by the bad guys but also in some products whose owners don't want them to be researched.
This talk is an introduction to anti-debug and obfuscation tricks in C/C++. It will cover the following topics:
- compile time encryption for strings;
- how to make breakpoints on system functions useless;
- how to hide system calls from sandboxes and API monitors;
- how to detect an attached debugger.
Reverse Engineer at Check Point Software Technologies, Minsk, Belarus
Security Researcher at Check Point Research. Used to work as a C++ Developer. Worked on industrial automation and cyber security products. Currently utilizes his skills in malware analysis and security …