DocumentCode :
2346844
Title :
Emulated Breakpoint Debugger and Data Mining Using Detours
Author :
Raber, Jason ; Laspe, Eric
Author_Institution :
Riverside Res. Inst., Dayton
fYear :
2007
fDate :
28-31 Oct. 2007
Firstpage :
271
Lastpage :
272
Abstract :
The ability to do dynamic analysis is a powerful tool in the arsenal of a reverse engineer. Sometimes a piece of code such as malware can employ anti-debugging or packing measures to make dynamic analysis difficult. We have instrumented Microsoft Detours into a stealthy debugger to emulate a breakpoint rather than using "INT 3" or DR0-DR7 hardware registers. Understanding code and data flow at a functional level can now be achieved by using an IDA Pro plug-in and the data mining feature that has been extended to Detours. IF\´ is the tool that incorporates the emulated breakpoints and data mining capabilities.
Keywords :
data flow analysis; data mining; program debugging; reverse engineering; DR0-DR7 hardware register; IDA Pro plug-in; INT 3 hardware register; Microsoft Detours; breakpoint debugger; code understanding; data flow; data mining; dynamic analysis; malware; reverse engineering; Character generation; Control systems; Data engineering; Data mining; Databases; Hardware; Instruments; Libraries; Power engineering and energy; Reverse engineering;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Reverse Engineering, 2007. WCRE 2007. 14th Working Conference on
Conference_Location :
Vancouver, BC
ISSN :
1095-1350
Print_ISBN :
978-0-7695-3034-5
Type :
conf
DOI :
10.1109/WCRE.2007.25
Filename :
4400174