Long time no updates. Sorry about that, the life of the AV reverse engineer is a busy one, but busy is good, right?
Anywho, I come bearing gifts: an anti-debugger trick I learned (while coding a skiddy AV tool).
The way it works is simple – under normal circumstances, the working set (the amount of memory a process needs at a given time) is never very big; when the process is being debugged, however, that working set size is huge. By checking the working set size, I was able to see if I was in a debugger. Neato.
Oh right, the code:
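The post's own listing did not survive on this page, so what follows is an added example and not the author's code: it reads the value the trick inspects (PROCESS_MEMORY_COUNTERS.WorkingSetSize via GetProcessMemoryInfo on Windows, with the resident set from /proc/self/statm standing in on Linux so it runs anywhere) and applies the threshold comparison the post describes. The threshold constant is an assumption, since the post gives no number.

```python
import os
import sys
import ctypes

# Assumed threshold: the post gives no number, so this is a placeholder
# to calibrate against the program's measured normal working set.
DEFAULT_THRESHOLD_BYTES = 64 * 1024 * 1024


def working_set_bytes():
    """Return this process's working set (resident memory) in bytes.

    On Windows this reads PROCESS_MEMORY_COUNTERS.WorkingSetSize via
    GetProcessMemoryInfo, the value the post's trick inspects. On Linux
    the resident set from /proc/self/statm stands in so the heuristic
    can be exercised cross-platform.
    """
    if sys.platform == "win32":
        class PROCESS_MEMORY_COUNTERS(ctypes.Structure):
            _fields_ = [
                ("cb", ctypes.c_ulong),
                ("PageFaultCount", ctypes.c_ulong),
                ("PeakWorkingSetSize", ctypes.c_size_t),
                ("WorkingSetSize", ctypes.c_size_t),
                ("QuotaPeakPagedPoolUsage", ctypes.c_size_t),
                ("QuotaPagedPoolUsage", ctypes.c_size_t),
                ("QuotaPeakNonPagedPoolUsage", ctypes.c_size_t),
                ("QuotaNonPagedPoolUsage", ctypes.c_size_t),
                ("PagefileUsage", ctypes.c_size_t),
                ("PeakPagefileUsage", ctypes.c_size_t),
            ]

        kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
        psapi = ctypes.WinDLL("psapi", use_last_error=True)
        # Declare pointer-sized types so the pseudo-handle is passed correctly on x64.
        kernel32.GetCurrentProcess.restype = ctypes.c_void_p
        psapi.GetProcessMemoryInfo.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_ulong]
        pmc = PROCESS_MEMORY_COUNTERS()
        pmc.cb = ctypes.sizeof(pmc)
        if not psapi.GetProcessMemoryInfo(kernel32.GetCurrentProcess(), ctypes.byref(pmc), pmc.cb):
            raise ctypes.WinError(ctypes.get_last_error())
        return pmc.WorkingSetSize
    # Linux stand-in: second field of statm is resident pages.
    with open("/proc/self/statm") as f:
        resident_pages = int(f.read().split()[1])
    return resident_pages * os.sysconf("SC_PAGE_SIZE")


def debugger_suspected(threshold_bytes=DEFAULT_THRESHOLD_BYTES):
    """The post's heuristic: flag a working set far above the program's usual size."""
    return working_set_bytes() > threshold_bytes
```

The threshold is the whole trick: a process that legitimately touches a lot of memory trips it, so measure the real baseline of your own build first and expect false positives in both directions.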
Next week (or hell maybe even tomorrow), I’m gonna pop out a new longer better blog post on one of my more favorite topics – shellcode.
Until then, happy hacking!