Emulated Breakpoint Debugger and Data Mining Using Detours

Vancouver, BC, Canada October 28-October 31

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/WCRE.2007.25

14th Working Conference on Reverse En ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jason Raber Articles by Eric Laspe

	ASCII Text	x
	Jason Raber, Eric Laspe, "Emulated Breakpoint Debugger and Data Mining Using Detours," Reverse Engineering, Working Conference on, pp. 271-272, 14th Working Conference on Reverse Engineering (WCRE 2007), 2007.

	BibTex	x
	@article{ 10.1109/WCRE.2007.25, author = {Jason Raber and Eric Laspe}, title = {Emulated Breakpoint Debugger and Data Mining Using Detours}, journal ={Reverse Engineering, Working Conference on}, volume = {0}, year = {2007}, issn = {1095-1350}, pages = {271-272}, doi = {http://doi.ieeecomputersociety.org/10.1109/WCRE.2007.25}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Reverse Engineering, Working Conference on TI - Emulated Breakpoint Debugger and Data Mining Using Detours SN - 1095-1350 SP271 EP272 A1 - Jason Raber, A1 - Eric Laspe, PY - 2007 VL - 0 JA - Reverse Engineering, Working Conference on ER -

Jason Raber

Eric Laspe

The ability to do dynamic analysis is a powerful tool in the arsenal of a reverse engineer. Sometimes a piece of code such as malware can employ anti- debugging or packing measures to make dynamic analysis difficult. We have instrumented Microsoft Detours into a stealthy debugger to emulate a breakpoint rather than using "INT 3" or DR0-DR7 hardware registers. Understanding code and data flow at a functional level can now be achieved by using an IDA Pro plug-in and the data mining feature that has been extended to Detours. `IF' is the tool that incorporates the emulated breakpoints and data mining capabilities.

Citation:

Jason Raber, Eric Laspe, "Emulated Breakpoint Debugger and Data Mining Using Detours," wcre, pp.271-272, 14th Working Conference on Reverse Engineering (WCRE 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.