Covert Debugging: Circumventing Software Armoring Techniques presented at Blackhat USA 2007

by Valsmith

Tags: Security

Summary: Software armoring techniques have
increasingly created problems for reverse engineers and software
analysts. As protections such as packers, run-time obfuscators, virtual
machine detectors and debugger detectors become common, newer methods must be
developed to cope with them. In this talk we will present our covert
debugging platform named Saffron. Saffron is based upon dynamic
instrumentation techniques as well as a newly developed page fault
assisted debugger. We show that the combination of these two techniques
is effective in removing armoring from the most advanced software
armoring systems. As a demonstration, we will automatically remove
packing protections from malware.