Method for Programs Protection against Breakpoints by Code Fragments Execution in a Shared Buffer
https://doi.org/10.55648/1998-6920-2022-16-3-48-55
Abstract
The article addresses the problem of building anti-debugging mechanisms into a program. It considers one of the most robust methods of setting breakpoints on a program, a method that cannot be detected by currently known algorithms. As part of the study, a new approach to program development is proposed that reduces the effectiveness of breakpoint-based debugging: program functions are stored as sequences of bytes, and their code is copied into one shared buffer before each is executed. Because a breakpoint is bound to an address, the debugger then stops at every function executed in the buffer rather than at any specific one, which significantly increases the debugging time.
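The mechanism the abstract describes, as an added example that is not the author's code (the paper's own script and sample source are at reference 8): three small functions kept as hand-assembled x86-64 byte strings instead of linked symbols, each copied into one anonymous page and called from there. The byte strings, the names (FRAG_ADD, call_shared, shared_buffer_supported, shared_buffer_address) and the RW/RX mprotect cycle are constructed for this example and are assumptions, not the paper's implementation; the example runs only on x86-64 hosts that allow executable anonymous memory and reports that otherwise.

```c
/* Added example: executing function fragments from one shared buffer.
 * Assumes x86-64 SysV ABI and POSIX mmap/mprotect; not the paper's code. */
#define _DEFAULT_SOURCE
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define BUF_SIZE 4096   /* one page: the single shared code buffer */

/* A program function kept as raw bytes instead of as a linked code symbol. */
typedef struct {
    const char    *name;
    const uint8_t *code;
    size_t         len;
} fragment_t;

/* Constructed x86-64 fragments (hand-assembled for this example). Each takes
 * (int a, int b) in edi/esi, returns in eax, and contains no absolute
 * addresses, so it runs correctly wherever it is copied. */
static const uint8_t code_add[] = { 0x8D, 0x04, 0x37, 0xC3 };             /* lea eax,[rdi+rsi]; ret        */
static const uint8_t code_sub[] = { 0x89, 0xF8, 0x29, 0xF0, 0xC3 };       /* mov eax,edi; sub eax,esi; ret  */
static const uint8_t code_mul[] = { 0x89, 0xF8, 0x0F, 0xAF, 0xC6, 0xC3 }; /* mov eax,edi; imul eax,esi; ret */

const fragment_t FRAG_ADD = { "add", code_add, sizeof code_add };
const fragment_t FRAG_SUB = { "sub", code_sub, sizeof code_sub };
const fragment_t FRAG_MUL = { "mul", code_mul, sizeof code_mul };

static uint8_t *shared_buf;   /* the one region every fragment runs from */
static int      buf_state;    /* 0 = not probed, 1 = usable, -1 = unusable */

/* Map the shared buffer once and probe that the host lets it flip RW<->RX.
 * Returns 1 when the demo can run here (x86-64 host, executable anonymous
 * memory permitted), 0 otherwise, so nothing ever jumps into bytes that
 * cannot execute. */
int shared_buffer_supported(void) {
#if !defined(__x86_64__)
    return 0;                 /* the fragments above are x86-64 machine code */
#else
    if (buf_state != 0) return buf_state == 1;
    void *p = mmap(NULL, BUF_SIZE, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { buf_state = -1; return 0; }
    if (mprotect(p, BUF_SIZE, PROT_READ | PROT_EXEC) != 0) {   /* W^X policy, execmem denial, ... */
        munmap(p, BUF_SIZE);
        buf_state = -1;
        return 0;
    }
    shared_buf = p;
    buf_state  = 1;
    return 1;
#endif
}

/* Stage fragment f in the shared buffer and call it as f(a, b).
 * Returns the fragment's result, or INT_MIN if it could not be staged. */
int call_shared(const fragment_t *f, int a, int b) {
    if (!shared_buffer_supported() || f->len > BUF_SIZE) return INT_MIN;
    /* Writable while copying, executable while running. The address never
     * changes, so a breakpoint placed on it fires for every fragment. */
    if (mprotect(shared_buf, BUF_SIZE, PROT_READ | PROT_WRITE) != 0) return INT_MIN;
    memcpy(shared_buf, f->code, f->len);
    if (mprotect(shared_buf, BUF_SIZE, PROT_READ | PROT_EXEC) != 0) return INT_MIN;
    int (*fn)(int, int) = (int (*)(int, int))(uintptr_t)shared_buf;
    return fn(a, b);
}

/* The address a debugger would have to break on; identical for all fragments. */
const void *shared_buffer_address(void) {
    return shared_buffer_supported() ? (const void *)shared_buf : NULL;
}

int main(void) {
    if (!shared_buffer_supported()) {
        puts("shared executable buffer not available on this host");
        return 1;
    }
    const fragment_t *prog[] = { &FRAG_ADD, &FRAG_MUL, &FRAG_SUB };
    printf("shared buffer at %p\n", shared_buffer_address());
    for (size_t i = 0; i < sizeof prog / sizeof prog[0]; i++)
        printf("%s(7, 3) = %d\n", prog[i]->name, call_shared(prog[i], 7, 3));
    return 0;
}
```

Setting a software or hardware breakpoint on the address printed by main stops the debugger three times, once per fragment, with no way to tell from the address alone which function is about to run. Two practical caveats follow from the code: every fragment must be position-independent (no absolute references to data or to other fragments, since only the fragment's own bytes are copied), and the repeated RW/RX mprotect cycle on a single anonymous mapping is itself conspicuous to an analyst who breaks on mprotect rather than on code.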
About the Author
I. V. Nechta, Russian Federation
Ivan V. Nechta, Doctor of Technical Sciences, Head of Department, SibSUTIS, Novosibirsk.
References
1. Apostolopoulos T., Katos V., Choo K. K. R., and Patsakis C. Resurrecting anti-virtualization and anti-debugging: Unhooking your hooks. Future Generation Computer Systems, 2021, vol. 116, pp. 393–405.
2. Zhang B. Research Summary of Anti-debugging Technology. Journal of Physics: Conference Series. IOP Publishing, 2021, vol. 1744. no. 4, p. 042186.
3. Shields T. Anti-debugging – a developer's view. Veracode Inc., USA, 2010.
4. Guo F., Ferrie P. and Chiueh T. C. A study of the packer problem and its solutions. International Workshop on Recent Advances in Intrusion Detection, 2008, pp. 98–115.
5. Deng Z., Zhang X. and Xu D. Spider: Stealthy binary program instrumentation and debugging via hardware virtualization. Proceedings of the 29th Annual Computer Security Applications Conference, 2013, pp. 289–298.
6. Deng Z., Xu D., Zhang X. and Jiang X. Introlib: Efficient and transparent library call introspection for malware forensics. Digital Investigation, 2012, vol. 9, pp. S13–S23.
7. Programmy raspakovshhiki [Programs for unpacking], available at: http://www.all-for-rus.narod.ru/unpack.htm (accessed: 21.06.2022).
8. Skript dlja analiza i ishodnyj kod primera [Analysis script and source code example], available at: https://github.com/ivannechta/UntiBPX/ (accessed: 21.06.2022).
9. Oficial'nyj sajt dizassemblera IDA [Official site of disassembler IDA], available at: https://www.hexrays.com/ida-free/ (accessed: 21.06.2022).
For citation:
Nechta I.V. Method for Programs Protection against Breakpoints by Code Fragments Execution in a Shared Buffer. The Herald of the Siberian State University of Telecommunications and Information Science. 2022;(3):48-55. (In Russ.) https://doi.org/10.55648/1998-6920-2022-16-3-48-55