ShowStopper – Anti-Debug tricks exploration tool
The ShowStopper project is a tool that helps malware researchers investigate and test anti-debug techniques, or verify debugger plugins and other solutions that counter common anti-debug approaches.
With this tool, you can attach a debugger to its process and study how the debugger behaves for the techniques you are interested in, then compare that behavior with their implementation. The virtual addresses of the functions that implement the anti-debug techniques are printed to the console. The tool includes a wide set of techniques from numerous sources, such as real-world malware and published documents and articles. The implemented techniques work on the most recent Windows releases and with a range of modern debuggers.
Documentation
How to install and use the software, and how to reach your conclusions, is covered in the documentation for the project.
System Requirements
- Windows 7, 8, 8.1, 10 (x86/x86-64)
- 32-bit debuggers (OllyDbg, x32dbg, WinDbg, etc.)
References
- P. Ferrie. The "Ultimate" Anti-Debugging Reference
- N. Falliere. Windows Anti-Debug Reference
- J. Jackson. An Anti-Reverse Engineering Guide
- Anti Debugging Protection Techniques with Examples
- simpliFiRE.AntiRE
Programmed by Yaraslau Harakhavik