Previous debugging methods

This anti-debugging method is different from the previous anti-debugging method.
In the past, anti-debugging was based on the determination of the debugging personnel. Currently, powerful VMP and TMD methods are also used, the disadvantage of this method is that it is ineffective for a strong-willed, curious, or shake M (that is, if you give him a slap in the face, he also feels good from the heart. At present, we can all crack the VMP, TMD's norm, and prove the bottleneck of this anti-debugging. The anti-debugging method described in this article is an alternative anti-debugging method that has never been used by others, which is different from common sense. These anti-debugging methods fully reflect the human-oriented.... You can see it later!
Method 1: Heart Break/Jump Message)
This method is especially effective for those with weak minds. The specific method is also very simple:

Code:

00401000 | EB 12 jmp short 00401014
00401002 | 46 75 63 .. ASCII "Fuck your sister"
00401012 | 2E 00 ASCII ".", 0
00401014 | B8 02104000 mov eax, 00401002
00401019 | C3 RETN adds a Jump command to the debugging personnel's path, and then you can write some words that can sting the debugging mind and understand it. As the saying goes: "There are eight or nine bad things in life." You can definitely find the weakness in his mind, and write a paragraph in the language you have learned, deeply sting his mind. Debugging programs that contain this anti-Debugging Technique is so sad that they commit suicide (don't let me out). The effect is remarkable!
Method 2: Come on baby/Empty Function)
What is your mood when you enter a Call and find that there is only a Retn command in it?

Code:

00401000 | C3 RETN
00401001 | CC INT3
........................................ ..
00401010 | E8 ebffffff call 00401000
00401015 | E8 BE010000 CALL 004011D8
0040101A | 33C0 xor eax, EAX
0040101C | C3 RETN you can write a program by yourself and write a lot of such empty functions into the PE file, so that the debugger does not know which functions contain the content, which functions are empty. This anti-debugging method can greatly damage the desire of the debugger to access the Call. In severe cases, Call phobia may occur.
Method 3: Not Interesting/Multi-Jump)
This method uses a large number of Jump commands in one place, just like the following (giving people the feeling that they want to jump and quit without jumping ):

Code:

00401000 | EB 1A jmp short 0040101C
00401002 | EB 1A jmp short 0040101E
00401004 | EB 06 jmp short 0040100C
00401006 | EB 0A jmp short 00401012
00401008 | EB 1E jmp short 00401028
0040100A | EB F6 jmp short 00401002
0040100C | EB 14 jmp short 00401022
0040100E | EB F8 jmp short 00401008
00401010 | EB F2 jmp short 00401004
00401012 | eb fa jmp short 0040100E
00401014 | EB 0E jmp short 00401024
00401016 | EB 08 jmp short 00401020
00401018 | EB F6 jmp short 00401010
0040101A | eb fa jmp short 00401016
0040101C | EB F6 jmp short 00401014
0040101E | EB 06 jmp short 00401026
00401020 | EB E4 jmp short 00401006
00401022 | EB E6 jmp short 0040100A
00401024 | EB F4 jmp short 0040101A
00401026 | EB 02 jmp short 0040102A
00401028 | eb ee jmp short 00401018 this method is relatively powerful, and a step-by-step approach can lead to nausea, you can also use Call/Pop, Push/Retn, JB (<-JNAE), and other commands to jump to the page. This anti-debugging is suitable for dealing with people with strong interests, so that they can get cold and finally give up on program analysis!
Method 4: No More Blood/Moe-Kill)
This method is applicable to the pop-up dialog box after the debugger is found. A very cute image is displayed in the dialog box:
Name: Oblique smile. PNG views: 1 file size: 80.8 KB
After the commissioning personnel saw this, the nose blood would eventually lead to insufficient blood oxygen throughout the body and pay the price of life. In fact, you can also replace this with an image that is scary. when ordinary people are not prepared, they will basically go to the hospital. The debugging personnel may also be scared. This is an extremely brutal anti-debugging and should be used with caution!
Method 5: Ear Destruct/Music Cut)
Most games that have been debugged have experienced it. Once the debugger is used to disconnect the playing thread (not the sound effect), The BGM of the game will normally be like a card band, people are very upset. You can add the music playing code in the thread where your program needs to execute the secret code (remember to use DirectSound, and do not write all the audio data into the Buffer at once ). Once someone goes through the debugging and disconnects the thread, hey, the eardrum is suffering from choppy sound, the brain is buzzing, and the display will definitely be thrown out of the window. However, this anti-debugging method has a very fatal weakness: the debugger can turn off the sound ......
If you read the above methods, say these are pediatrics, nonsense, selling Cute pets, and will question why LZ ran out of the bowl to give up treatment, then, the following Ultimate Anti-Debug Method will allow you to completely change your views on this article!
Ultimate method: Missing Target/color ○ Attack (Sex Attack)
Food and color. What if the debugger sees something more attractive than the debugging program?
(The following is actually a normal video. Don't delete it. If you don't believe it, check it out. I'm a big Bilibili)

Code:

00401485 | E8 ED280000 CALL 00403D77
0040148A | E9 95 feffff jmp 00401324
0040148F | E9 5C690000 JMP 00407DF0
00401494 | 53 65 78 .. ASCII "SexVideo: http ://"
004014A4 | 77 77 .. ASCII "www. bilibili. TV /"
004014B4 | 76 69 64 .. ASCII "video/av298244/", 0 is more effective when written at the entry point, because in the debugger, generally (TLS is not excluded) programs are disconnected from OEP, then you can write some bad information or websites on or below the OEP. In fact, you can add a large amount of such information to the entire program. Debugging people with this type of Anti-debugging program will basically be unable to help without determining the force, or those who have been killed by the assembly code! Slowly, debugging the expression will become cumbersome, the behavior will become paralyzed, and the kidney function will gradually become exhausted, eventually ○ death! The hero is sad and the beauty of the world is fierce !!!!
------------------------------------------------------------------------
How is the above technology simple and amazing! In fact, there are many other powerful technologies. Let's explore them slowly!