写意互联网 http://ucooper.com
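写意互联网: focused on search engine technology, also covering search engine optimization, software cracking, PHP website development, WordPress applications, and more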
Anti-Debugging Techniques
Actions on Detecting OD
1. Window class name, window name
2. Detecting the debugger process
3. Whether the parent process is Explorer
4. RDTSC/GetTickCount time-sensitive code sections
5. StartupInfo structure
6. BeingDebugged
7. PEB.NtGlobalFlag, Heap.HeapFlags, Heap.ForceFlags
8. DebugPort: CheckRemoteDebuggerPresent()/NtQueryInformationProcess()
9. SetUnhandledExceptionFilter/Debugger Interrupts
10. Trap Flag single-step exception
11. SeDebugPrivilege process privilege
12. DebugObject: NtQueryObject()
13. OllyDbg: Guard Pages
14. Software Breakpoint Detection
15. Hardware Breakpoints Detection
16. Patching Detection / Code Checksum Calculation
17. BlockInput: blocking keyboard and mouse input
18. EnableWindow: disabling the window
19. ThreadHideFromDebugger
20. Disabling Breakpoints (disabling hardware breakpoints)
21. OllyDbg: OutputDebugString() Format String Bug
22. TLS Callbacks
Anti-Anti-Debugging Techniques