Fake-memory-on-access-breakpoint

From aldeid

Description

Some packers will place fake memory on-access breakpoints to fool the analyst. Here is an example:

[Image: Fake-memory-breakpoint.png]

To bypass this, patch the RETN instruction to an INT3:

[Image: Patch-fake-memory-breakpoint.png]

Keywords: anti-reverse