Anti-Debug Library: Vista-revisions

12Jul09

Well, the last build had an XP-only trick, and a problem with the GetHeapFlags function (Vista’s default heap handling is a bit different than XP’s; luckily, the heap behavior for debugging is still identifiable).

The OutputDebugString trick was only available on XP, but, as an alternative, I set up a formatting exploit that’s been reported to cause problems in a few different debuggers (most notably, OllyDBG).

On top of that, I added a few new lesser-documented tricks, and another one I pioneered myself to ensure the anti-debug was running. Enjoy!

e