The era of anti-analysis methods based on simple tricks such as the well-known ‘IsDebuggerPresent’ API and similar functions mostly belongs to the past. These APIs are still used for simple, quick detection of Ring3 debuggers, but malware authors know this as well as we do. Most anti-reversing tricks implemented through straightforward use of such Windows APIs are generally very easy to bypass, even without specific knowledge, by using a debugger plugin that applies the appropriate patches at runtime.