DocumentCode :
2330604
Title :
Stealthy Profiling and Debugging of Malware Trampolining from User to Kernel Space
Author :
Raber, Jason
Author_Institution :
Cyber Res. Lab., Riverside Res., Beavercreek, OH, USA
fYear :
2011
fDate :
17-20 Oct. 2011
Firstpage :
431
Lastpage :
432
Abstract :
A reverse engineer trying to understand protected malware binaries is faced with avoiding detection by antidebugging protections. Advanced protection systems may even load specialized drivers that can re-flash firmware and change the privileges of running applications, significantly increasing the penalty of detection. Hades is a Windows kernel driver designed to aid reverse engineering endeavors. It avoids detection by employing intelligent instrumentation via instruction rerouting in both user and kernel space. This technique allows a reverse engineer to easily debug and profile binaries without fear of invoking protection penalties.
Keywords :
invasive software; program debugging; reverse engineering; Hades; Windows kernel driver; antidebugging protection; instruction rerouting; intelligent instrumentation; malware; reverse engineering; stealthy profiling; Aerospace electronics; Debugging; Instruments; Kernel; Malware; Registers; Reverse engineering; Kernel driver; anti-debugging; cyber; function hooking; reverse engineering;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Reverse Engineering (WCRE), 2011 18th Working Conference on
Conference_Location :
Limerick
ISSN :
1095-1350
Print_ISBN :
978-1-4577-1948-6
Type :
conf
DOI :
10.1109/WCRE.2011.62
Filename :
6079873
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2330604
بازگشت