http://dx.doi.org/10.7472/jksii.2016.17.5.33

The design and implementation of pin plugin tool to bypass anti-debugging techniques  

Hong, Soohwa (Department of Computer and Software, Hanyang University)
Park, Yongsu (Department of Computer and Software, Hanyang University)
Publication Information
Journal of Internet Computing and Services / v.17, no.5, 2016, pp. 33-42
Abstract
Pin is a framework for building dynamic program analysis tools, and it can be used to analyze user-space programs on Linux and Windows. Programs that use anti-debugging, such as anti-reversing programs or malware, are hard to analyze with Pin. In this paper, we propose and implement a scheme for bypassing anti-debugging with Pin. Each piece of Pin code is written to bypass anti-debugging that detects Pin, and a Pin tool is created by combining the Pin codes that bypass the anti-debugging methods. The Pin tool is tested with files created by an anti-debugging protector. The technique in this paper is expected to serve as a reference for code that bypasses anti-debugging, and to be applicable to newly discovered anti-debugging in the future through code modification.
Keywords
Anti-debugging; Pin; Dynamic analysis; Protector; Reverse engineering;