


In addition to the Immunity Debugger, we are going to use WinDbg in this tutorial. In the following, we use an experimental approach to explore the possible ways to make a program behave differently when running in a virtual machine and in a debugged environment. The behavior of the int 2d instruction may be affected by many factors, e.g., the SEH handler installed by the program itself, whether the program is running under a ring 3 debugger, whether the OS is running in debug mode, the program logic of the OS exception handler (KiDispatch), and the value of the registers when int 2d is requested (which determines the service that is requested).

Basic control flow constructs in x86 assembly. Debugging and modification of binary executable programs. Explore the behavior difference of debuggers on int 2dh.
