Search For Content
Search Result
20 item(s) found so far for this keyword.
Abusing the Return Pointer
Abusing the return pointer is an anti-disassembling technique that involves using the return instruction (RETN) in a way that is not expected by the disassembler. This can make it more difficult for the disassembler to accurately reconstruct the program's original instructions and can also make it more difficult for analysts to understand the program's behavior.
The RETN instruction is …
Read moreImpossible Disassembly
Impossible disassembly is an anti-disassembling technique that involves inserting data bytes after a conditional jump instruction in order to prevent the real instruction that follows from being disassembled. This technique takes advantage of a basic assumption in disassembly, which states that one byte is only interpreted in the context of one instruction. By inserting a byte that is the opcode …
Read moreJump With Same Target
Jump with the same target is an anti-disassembling technique that involves using back-to-back conditional jump instructions that both point to the same target. This can make it difficult for a disassembler to accurately reconstruct the original instructions of the program, as the disassembler will not be able to determine the intended behavior of the program without actually executing it.
…
Read moreOpcode Obfuscation
Opcode obfuscation is an anti-disassembling technique that involves modifying the opcodes of a program's machine language instructions in order to make it more difficult for a disassembler to accurately reconstruct the original instructions. This can be done in a variety of ways, such as by using equivalent but different opcodes for the same operation, by adding additional instructions or data …
Read moreCall Trick
The call trick is an anti-disassembling technique that involves modifying the default function's return address. This can be used in conjunction with other techniques, such as the insertion of garbage bytes, to break disassemblers. Disassemblers that use recursive traversal or linear sweep may be particularly vulnerable to this trick, as they may be unable to accurately interpret the next instruction …
Read moreAPI Obfuscation
API obfuscation is a technique used by malware to make it more difficult for security analysts to understand and analyze the code. This is typically done by using a technique called API hashing, which replaces the names of API functions with a hashed value. When an analyst runs the malware through a disassembler tool, the hashed values are printed instead …
Read moreControl Flow Graph Flattening
Control flow flattening is a technique used to obfuscate the control flow of a program, in order to make it more difficult for a disassembler to accurately interpret the program's behavior. This technique involves breaking up the nesting of loops and if-statements in a program, and then hiding each of them in a case of a large switch statement. This …
Read moreSpaghetti, Junk Code
Junk code is a technique used to add meaningless or irrelevant instructions to a program, in order to make it more difficult for a disassembler to accurately interpret the program's behavior. This technique is often used by malware authors to make it more difficult for analysts to reverse engineer the malware and understand its behavior.
Junk code can be …
Read moreObscuring Control Flow Using Pointers
The use of pointers in a program can be an issue for disassemblers, because pointers can be used in complex ways that are difficult for the disassembler to accurately interpret. This can make it more difficult for the disassembler to generate correct disassembly output, and can also make it more difficult for analysts to understand the program's behavior.
Pointers …
Read moreObscuring Control Flow
Obscuring control flow is an anti-disassembling technique that involves using methods of flow control that are difficult or impossible for disassemblers and debuggers to follow. This can make it more difficult for analysts to understand the program's behavior and can also make it more difficult for other tools, such as debuggers, to accurately interpret the program.
One example of …
Read more