Fake-memory-on-access-breakpoint

From aldeid

Jump to navigation Jump to search

Description

Some packers will place fake memory on-access breakpoints to fool the analyst. Here is an example:

To bypass this, patch the RETN into INT3:

Comments

Keywords: anti-reverse

Retrieved from "https://www.aldeid.com/w/index.php?title=Fake-memory-on-access-breakpoint&oldid=28620"

Digital-Forensics/Computer-Forensics/Anti-Reverse-Engineering/Anti-Debug/Thwarting-Debugger

Share your opinion