GET /api/techniques/74/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 74,
"key": "int3-instruction-scanning",
"unprotect_id": "U0105, B0001.025",
"name": "INT3 Instruction Scanning",
"description": "Instruction `INT3` is an interruption which is used as Software breakpoints. These breakpoints are set by modifying the code at the target address, replacing it with a byte value `0xCC` (INT3 / Breakpoint Interrupt). \r\n\r\nThe exception `EXCEPTION_BREAKPOINT` (0x80000003) is generated, and an exception handler will be raised. Malware identify software breakpoints by scanning for the byte 0xCC in the protector code and/or an API code.",
"resources": "https://www.blackhat.com/presentations/bh-usa-07/Quist_and_Valsmith/Whitepaper/bh-usa-07-quist_and_valsmith-WP.pdf\nhttps://anti-debug.checkpoint.com/techniques/assembly.html#int3",
"creation_date": "2019-03-18T13:44:00Z",
"tags": "int3",
"modification_date": "2023-10-04T10:42:47.549000Z",
"category": [
3
],
"rules": [
70,
84
],
"attachments": [],
"featured_api": [
360
],
"contributors": []
}
