本文介绍了通过VMWare调试用户界面程序(全面反调试)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我目前正在尝试颠倒一个有着强大的反调试技巧的 Linux 下的程序。我能够打败其中的一些,但我仍然在与其余的战斗。令人遗憾的是,由于我平庸,所以我花更多的时间超出预期。无论如何,程序运行没有任何痛苦的虚拟机(我尝试使用VMWare和VBox),所以我正在考虑在虚拟机中跟踪其执行情况,然后在调试器(gdb)下的跟踪和差异他们看到更改是更容易找到反调试技巧。

但是,我很久以前用vmware做了一些内核调试,或多或少的确定(我记得可以访问线性地址...),但这里有一点我想。

I am currently trying to reverse a program under Linux that has a bunch of anti-debug tricks. I was able to defeat some of them, but I am still fighting against the remaining ones. Sadly since I am mediocre, it is taking me more time than expected. Anyway, the programs runs without any pain in a VM (I tried with VMWare and VBox), so I was thinking about taking a trace of its execution in the VM, then a trace under the debugger (gdb) and diff them to see were the changes are and find out the anti-debug tricks more easily.
However, I did some kernel debugging with vmware a long time ago, it was more or less ok (I remember having access to the linear address...), but here it's a bit different I think.

您是否看到一种简单的方法来调试此用户程序,而不会造成太多的痛苦?

Do you see an easy way to debug this userland program without going into too much pain ?

推荐答案

我建议使用,它是监控程序执行的工具,它基于XEN虚拟机管理程序。该工具的全部要点是跟踪程序的执行,而不会被察觉。首先要做的是去他们的网站,点击恶意软件选项卡,然后提交你的二进制文件,看看他们的自动化Web界面是否可以为你做。如果这个失败,你可以自己安装它,这是一个痛苦但可行的,应该产生很好的结果,我已经能够安装它过去。他们在Ether网站上有说明,但如果您建议您也可以查看

I would suggest using Ether, which is a tool for monitoring the execution of a program and is based on the XEN hypervisor. The whole point of the tool is to trace a program's execution without being observable. The first thing to do is go to their website and click on the malware tab, then submit your binary and see if their automated web interface can do it for you. If this fails, you can install it yourself, which is a pain, but doable, and should yield good results, I have been able to install it in the past. They have instructions on the Ether website, but if you I'd suggest you also take a look at these supplemental instructions from Offensive Computing

一些其他自动化分析网站可以为您做点窍门:
通过SRI国际
和Renovo by bitblaze在加州大学伯克利分校

A couple of other automated analysis sites that could do the trick for you:Eureka by SRI internationaland Renovo by bitblaze at UC Berkeley

这篇关于通过VMWare调试用户界面程序(全面反调试)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-30 01:52