O'Reilly logo

Gray Hat Python by Justin Seitz

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Defeating Anti-Debugging Routines in Malware

Current malware variants are becoming more and more devious in their methods of infection, propagation, and their ability to defend themselves from analysis. Aside from common code-obfuscation techniques, such as using packers or encryption techniques, malware will commonly employ anti-debugging routines in an attempt to prevent a malware analyst from using a debugger to understand its behavior. Using Immunity Debugger and some Python, we are able to create some simple scripts to help bypass some of these anti-debugging routines to assist an analyst when observing a malware sample. Let's look at some of the more prevalent anti-debugging routines and write some corresponding code to bypass them.

IsDebuggerPresent ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required