Irreversible Applications for Windows NT Systems

Rahul Gunawardhana, Kavinga Abeywardena

2022

Abstract

Anti-reversing or anti-debugging mechanisms refer to the implementations put in place in an application that tries to hinder or completely halt the process of debugging and disassembly. The paper discusses the possibility of a monitoring system that would prevent any debugger from debugging a given process in a Windows NT environment. This project aims to facilitate a similar concept present in that of anti-cheat monitoring programs in online games for commercial products and applications. In contrast, an anti-cheat product monitors the game’s memory pages for direct or indirect modifications either via internal (within the process) mechanisms such as hooks and DLL injections or external mechanisms such as Read Process Memory (RPM), Write Process Memory (WPM), named pipes, sockets. In many other scenarios, the anti-debug program would monitor a selected process for attempts of debug or disassembly.

Paper Citation

in Harvard Style

Gunawardhana R. and Abeywardena K. (2022). Irreversible Applications for Windows NT Systems. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 479-484. DOI: 10.5220/0011051700003283

in Bibtex Style

@conference{secrypt22,
author={Rahul Gunawardhana and Kavinga Abeywardena},
title={Irreversible Applications for Windows NT Systems},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2022},
pages={479-484},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011051700003283},
isbn={978-989-758-590-6},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - Irreversible Applications for Windows NT Systems
SN - 978-989-758-590-6
AU - Gunawardhana R.
AU - Abeywardena K.
PY - 2022
SP - 479
EP - 484
DO - 10.5220/0011051700003283