GET /api/techniques/339/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 339,
"key": "call-to-interrupt-procedure",
"unprotect_id": "U0124",
"name": "Call to Interrupt Procedure",
"description": "This anti-debugging technique involves using the `INT n` instruction to generate a call to the interrupt or exception handler specified with the destination operand.\r\n\r\nTo implement this technique, the int `0x03` instruction is executed, followed by a `ret` (0xCD03, 0xC3) nested in a `__try, __except block`. If a debugger is present, the except block will not be executed, and the function will return TRUE, indicating that a debugger is running.\r\n\r\nThis technique can be used to prevent analysts from analyzing and manipulating the malware's code during runtime.",
"resources": "http://www.nacad.ufrj.br/online/intel/vtune/users_guide/mergedProjects/analyzer_ec/mergedProjects/reference_olh/mergedProjects/instructions/instruct32_hh/vc140.htm",
"creation_date": "2023-03-10T02:29:39.347000Z",
"tags": "Anti-debugging, X86 instruction, RET",
"modification_date": "2023-10-04T10:44:25.147000Z",
"category": [
3
],
"rules": [],
"attachments": [],
"featured_api": [],
"contributors": []
}
