The point of this isn't "perfect" anti-static-analysis, but the following should be configured at build time to make it nontrivial:
- The CMake build type (CMAKE_BUILD_TYPE) should be set to MinSizeRel, which excludes debug info and optimizes for size
- Add
  ```cmake
  add_custom_command(TARGET ${PROJECT_NAME} POST_BUILD COMMAND strip -R .comment ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME})
  ```
  to CMakeLists.txt to strip the .comment section after every build
- Add
  ```cmake
  add_custom_command(TARGET ${PROJECT_NAME} POST_BUILD COMMAND echo 'Ag==' | base64 -d | dd conv=notrunc of=${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME} bs=1 seek=5)
  ```
  to CMakeLists.txt to overwrite byte 5 of the ELF header (the EI_DATA field; 'Ag==' decodes to 0x02) after every build
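To confirm that all three post-build steps actually took effect on the produced binary, the following audit script is an added example and is not part of the detect-debugger project. It parses the ELF64 section table itself (always little-endian, since the EI_DATA patch makes byte-order-honouring parsers misread the file) and includes a constructed, non-loadable ELF fixture builder so it can be exercised without the real binary.

```python
import struct

ELF_MAGIC = b"\x7fELF"
SHDR = "<IIQQQQIIQQ"  # Elf64_Shdr layout, 64 bytes

def section_names(data: bytes) -> list:
    """Section names of an x86-64 ELF64 image, read little-endian regardless
    of byte 5: the dd step sets EI_DATA to 2 (big-endian), so a parser that
    honours that byte, as readelf does, misreads every header field."""
    if data[:4] != ELF_MAGIC or data[4] != 2:  # EI_CLASS 2 = ELFCLASS64
        raise ValueError("not an ELF64 image")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    hdrs = [struct.unpack_from(SHDR, data, e_shoff + i * e_shentsize)
            for i in range(e_shnum)]
    off, size = hdrs[e_shstrndx][4], hdrs[e_shstrndx][5]  # .shstrtab body
    strtab = data[off:off + size]
    return [strtab[h[0]:strtab.index(b"\0", h[0])].decode() for h in hdrs]

def audit(data: bytes) -> dict:
    """Report which of the three post-build steps above took effect."""
    names = section_names(data)
    return {
        "ei_data_patched": data[5] == 2,
        "comment_stripped": ".comment" not in names,
        "debug_info_stripped": not any(n.startswith(".debug") for n in names),
    }

def patch_ei_data(data: bytes) -> bytes:
    """Same effect as the dd step above: overwrite byte 5 (EI_DATA) with 0x02."""
    return data[:5] + b"\x02" + data[6:]

def build_sample_elf(sections: list, ei_data: int = 1) -> bytes:
    """Constructed fixture (not loadable): header, .shstrtab, empty sections."""
    names = [""] + list(sections) + [".shstrtab"]
    strtab = b"".join(n.encode() + b"\0" for n in names)
    e_shoff = 64 + len(strtab)  # section headers follow the string table
    ehdr = ELF_MAGIC + bytes([2, ei_data, 1]) + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, 0, e_shoff, 0, 64, 0, 0, 64,
        len(names), len(names) - 1)
    shdrs, name_off = b"", 0
    for i, n in enumerate(names):
        strtab_hdr = n == ".shstrtab"  # SHT_STRTAB = 3, SHT_NULL = 0, else 1
        shdrs += struct.pack(SHDR, name_off, 3 if strtab_hdr else min(i, 1),
                             0, 0, 64 if strtab_hdr else 0,
                             len(strtab) if strtab_hdr else 0, 0, 0, 1, 0)
        name_off += len(n) + 1
    return ehdr + strtab + shdrs
```

Run `audit(open("build/detect-debugger", "rb").read())` on a real build; any `False` in the result means the corresponding CMake step did not run.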
The easiest way to build is via the VSCode CMake Extension on the target platform. Otherwise it may take some finagling.

Linux:
```sh
cd detect-debugger
mkdir build
cd build
cmake ..; make
```

Windows (PowerShell):
```powershell
# I am assuming default powershell with aliases
chdir detect-debugger
mkdir build
chdir build
cmake ..; msbuild build/somefile # need to build on windows to get the actual name
```
- Geoff Chappell, Software Analyst (ask him about consulting!)
- Checkpoint Anti-Debug Tricks
- Process Hacker documentation
- GCC toolchain for Windows x64
- After installing the toolchain, rename sh.exe and create a symlink called sh.exe pointing to bash.exe. Bourne shell sucks balls and will give you an arcane syntax error
- Hacker's Corner: Complete Guide to Anti-Debugging in Linux - Part 1
- CTF Wiki: Detecting Breakpoints Bypassing
- CodeBreakers 2006 - AntiDebugging Techniques
- Programming Linux Anti-Reversing Techniques.pdf
- Check out this great project by a0rtega called pafish for all your Anti-VM testing needs