Title :
Anti-debugging Framework Based on Hardware Virtualization Technology
Author :
Yi, Tengfei ; Zong, Aijun ; Yu, Miao ; Gao, Shang ; Lin, Qian ; Yu, Peijie ; Ren, Zhong ; Qi, Zhengwei
Author_Institution :
Sch. of Software, Shanghai Jiao Tong Univ., Shanghai, China
Abstract :
Anti-debugging technique is widely used to protect executable files in commercial software applications. However, most of contemporary anti-debugging products fail to guarantee their functionalities in that when the application code is running on Ring 0 or above, malicious attackers can still manipulate it to block the anti-debugging process. This paper introduces an anti-debugging framework based on hardware virtualization technology called Virtual Machine Monitor (VMM), which can monitor each code running above its privilege level on Intel x86 platform. Our experiments demonstrate that major debuggers running on Microsoft Windows, such as VC2005 and WinDBG, are incapable to debug the target application with the protection of our anti-debugging framework.
Keywords :
program debugging; security of data; virtual machines; virtual reality; Intel x86 platform; Microsoft Windows; VC2005; Virtual Machine Monitor; WinDBG; anti-debugging framework; commercial software applications; hardware visualization technology; malicious attackers; Application software; Computer architecture; Computer science; Computerized monitoring; Hardware; Operating systems; Platform virtualization; Protection; Space technology; Virtual machine monitors; VMM; anti-debugging; hardware virtualization;
Conference_Titel :
Research Challenges in Computer Science, 2009. ICRCCS '09. International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3927-0
Electronic_ISBN :
978-1-4244-5410-5
DOI :
10.1109/ICRCCS.2009.63
