Host Operating System Selection Wiki Page Discussion

Patrick · March 27, 2021, 11:16pm

Going to address other parts later.

Anti-disassembly, Anti-debugging and Anti-VM are properties of sophisticated malware and other programs.
(I am not saying this is perfect, unbreakable.)

Quote Sign in - Google Accounts

The purpose of anti-debugging is to hinder the process of reverse engineering. There could be several general approaches: (1) to detect the existence of a debugger, and behave differently when a debugger is attached to the current process; (2) to disrupt or crash a debugger. Approach (1) is the mostly frequently applied (see an excellent survey in [2]). Approach (2) is rare (it targets and attacks a debugger - and we will see several examples in Max++ later). Today, we concentrate on Approach (1).

Many web search results for:

anti-debugging

madaidan · March 27, 2021, 11:18pm

You don’t necessarily need to attach a debugger to the current running code or even execute it at all. One could use e.g. objdump and extract all the static assembly.

Patrick · March 28, 2021, 12:20pm

That won’t get you far with obfuscated binaries such as Skype. See how difficult that was:
https://www.oklabs.net/skype-reverse-engineering-the-long-journey/