Posts

Showing posts from April, 2021

Anti-Debugging Using Hardware BreakPoint

What is a Breakpoint?

A breakpoint is an intentional stopping or pausing of a program, a means of acquiring knowledge about the program during its execution. Breakpoints are program locations where we want the processor to halt so that we can do some sort of debugging. During the interruption, the programmer inspects the test environment (general purpose registers, memory, logs, files, etc.) to find out whether the program is functioning as expected.

What is a Hardware Breakpoint?

Hardware breakpoints are actually comparators, comparing the current PC (program counter) with the address in the comparator (when enabled). Hardware breakpoints watch an internal bus or the program counter, and if it matches a certain condition, it will stop the processor, or will do whatever the hardware implements for that condition. CPUs have only a limited number of hardware breakpoints (comparators). The number of ava...

Anti-Debugging Using Software BreakPoint

In this article we are going to see "How does malware check whether software breakpoints are enabled in the malware code?" While executing, malware normally checks whether the file is running under analysis, and also checks for debuggers using anti-debugging tricks. In this article we will see one of the anti-debugging tricks of malware with a POC. This trick is an anti-breakpoint trick using software breakpoints. For this POC I have written code in C and used the IDA debugger for analysis. I have written simple code, and if we execute it without putting any breakpoints then it will simply show the 3 messages below:

    Execution started
    Hello World!!!
    Execution Ended

But if you put any software breakpoints while running the sample then it will show an extra message, as below:

    Anti-Debugging techniques using Software Breakpoint...