{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,3,26]],"date-time":"2024-03-26T20:38:15Z","timestamp":1711485495005},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2020,3,5]],"date-time":"2020-03-05T00:00:00Z","timestamp":1583366400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,3,5]],"date-time":"2020-03-05T00:00:00Z","timestamp":1583366400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"published-print":{"date-parts":[[2020,6]]},"DOI":"10.1007\/s11416-020-00347-x","type":"journal-article","created":{"date-parts":[[2020,3,5]],"date-time":"2020-03-05T06:04:37Z","timestamp":1583388277000},"page":"173-183","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Exploiting flaws in Windbg: how to escape or fool debuggers from existing flaws"],"prefix":"10.1007","volume":"16","author":[{"given":"Fran\u00e7ois","family":"Plumerault","sequence":"first","affiliation":[]},{"given":"Baptiste","family":"David","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,3,5]]},"reference":[{"key":"347_CR1","unstructured":"GDB community, GDB: The GNU Project Debugger, GDB (2019). www.gnu.org\/software\/gdb"},{"key":"347_CR2","unstructured":"LLVM community, The LLVM Compiler Infrastructure, LLVM Foundation (2019). https:\/\/llvm.org"},{"key":"347_CR3","unstructured":"Microsoft, First look at the Visual Studio Debugger, MSDN (2019). https:\/\/docs.microsoft.com\/fr-fr\/visualstudio\/debugger\/debugger-feature-tour?view=vs-2019"},{"key":"347_CR4","unstructured":"Radar community, Radar2, Radar Community (2019). https:\/\/github.com\/radare\/radare2\/"},{"key":"347_CR5","volume-title":"The IDA Pro Book: The Unofficial Guide to the World\u2019s Most Popular Disassembler","author":"C Eagle","year":"2011","unstructured":"Eagle, C.: The IDA Pro Book: The Unofficial Guide to the World\u2019s Most Popular Disassembler. No Starch Press, San Francisco (2011)"},{"key":"347_CR6","unstructured":"Microsoft, Download the Windows Driver Kit (WDK), MSDN (2018). https:\/\/docs.microsoft.com\/fr-fr\/windows-hardware\/drivers\/download-the-wdk"},{"key":"347_CR7","unstructured":"Bochs community, Bochs x86 PC emulator, Bochs, 16 July 2019 (2019). https:\/\/sourceforge.net\/projects\/bochs\/"},{"key":"347_CR8","unstructured":"Quynh, N.A., Vu, D.H.: Unicorn The ultimate CPU emulator, Unicorn (2017). https:\/\/www.unicorn-engine.org"},{"key":"347_CR9","unstructured":"Intel, Intel 64 and IA-32 Architectures Software Developer\u2019s Manual, Intel documentation, vol. 1, pp. 3\u201317 (2019)"},{"key":"347_CR10","unstructured":"Intel, Intel 64 and IA-32 Architectures Software Developer\u2019s Manual, Intel documentation, vol. 1, pp. 6\u201313 (2019)"},{"key":"347_CR11","unstructured":"Kulchytskyy, O., Kukoba, A.: Anti Debugging Protection Techniques With Examples, Apriorit (2019). https:\/\/www.apriorit.com\/dev-blog\/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software"},{"key":"347_CR12","unstructured":"Ferrie, P.: The \u201dUltimate\u201d Anti-Debugging Reference, Ferrie (2011)"},{"key":"347_CR13","unstructured":"Afianian, A.: Malware Dynamic Analysis Evasion Techniques: A Survey, Arxiv, November 2018, arXiv:1811.01190"},{"key":"347_CR14","unstructured":"Yuschuk, O.: OllyDbg, OllyDbg (2014). http:\/\/www.ollydbg.de"},{"key":"347_CR15","unstructured":"Microsoft, OutputDebugStringA function, MSDN (2018). https:\/\/docs.microsoft.com\/fr-fr\/windows\/win32\/api\/debugapi\/nf-debugapi-outputdebugstringa"},{"key":"347_CR16","unstructured":"Securityfocus, OllyDbg Debugger Messages Format String Vulnerability, securityfocus (2004). https:\/\/www.securityfocus.com\/bid\/10742"},{"key":"347_CR17","unstructured":"Ferrie P.: Anti-unpacker tricks\u2014part twelve, Microsoft (2010). https:\/\/www.virusbulletin.com\/virusbulletin\/2010\/09\/anti-unpacker-tricks-part-twelve"},{"key":"347_CR18","unstructured":"NASM community, NASM, The NASM development team (2018). https:\/\/www.nasm.us"},{"key":"347_CR19","unstructured":"Tully, J.: An Anti-Reverse Engineering Guide, code project (2008). https:\/\/www.codeproject.com\/Articles\/30815\/An-Anti-Reverse-Engineering-Guide#BpInt3"},{"key":"347_CR20","unstructured":"Yang Reiley, Data Breakpoints, Microsoft (2011). https:\/\/blogs.msdn.microsoft.com\/reiley\/2011\/07\/21\/data-breakpoints\/"},{"key":"347_CR21","unstructured":"Ferrie P.: ANTI-UNPACKER TRICKS, Microsoft (2005). http:\/\/pferrie.host22.com\/papers\/unpackers.pdf"},{"key":"347_CR22","volume-title":"Software Debugging","author":"YK Zhang","year":"2008","unstructured":"Zhang, Y.K.: Software Debugging. Publishing House of Electronics Industry, Beijing (2008)"},{"key":"347_CR23","unstructured":"Bowes, R.: In-depth malware: Unpacking the \u201dlcmw\u201d Trojan, SkullSecurity (2014). https:\/\/blog.skullsecurity.org\/2014\/in-depth-malware-unpacking-the-lcmw-trojan"},{"key":"347_CR24","unstructured":"Microsoft, Try-except Statement, MSDN (2018). https:\/\/docs.microsoft.com\/en-us\/cpp\/cpp\/try-except-statement?view=vs-2019"},{"key":"347_CR25","unstructured":"Microsoft, Thread Environment Block (Debugging Notes), MSDN (2018). https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/thread-environment-block--debugging-notes-"},{"key":"347_CR26","unstructured":"Microsoft, TEB structure, MSDN (2018). https:\/\/docs.microsoft.com\/fr-fr\/windows\/win32\/api\/winternl\/ns-winternl-teb?redirectedfrom=MSDN"},{"key":"347_CR27","unstructured":"Microsoft, Structured Exception Handling, MSDN (2018). https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/structured-exception-handling"},{"key":"347_CR28","unstructured":"Microsoft, Using an Exception Handler, MSDN (2018). https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/using-an-exception-handler"},{"key":"347_CR29","unstructured":"Microsoft, Using a Vectored Exception Handler, MSDN (2018). https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/using-a-vectored-exception-handler"},{"key":"347_CR30","unstructured":"Microsoft, Vectored Exception Handling, MSDN (2018). https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/vectored-exception-handling"},{"key":"347_CR31","unstructured":"Czumak, M.: Windows Exploit Development\u2014Part 6: SEH Exploits, Security Sift (2014). https:\/\/www.securitysift.com\/windows-exploit-development-part-6-seh-exploits\/"},{"key":"347_CR32","unstructured":"Swiat at Security Research & Defense, Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP, Microsoft (2009). https:\/\/msrc-blog.microsoft.com\/2009\/02\/02\/preventing-the-exploitation-of-structured-exception-handler-seh-overwrites-with-sehop\/"},{"key":"347_CR33","unstructured":"Microsoft, EXCEPTION_RECORD structure, MSDN (2018). https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/winnt\/ns-winnt-exception_record"},{"key":"347_CR34","unstructured":"Intel, Intel 64 and IA-32 Architectures Software Developer\u2019s Manual, Intel documentation, vol. 2, pp. 2\u20131 (2019)"},{"key":"347_CR35","unstructured":"Wikipedia, x86-64, Wikipedia foundation (2019). https:\/\/en.wikipedia.org\/wiki\/X86-64#Differences_between_AMD64_and_Intel_64"},{"key":"347_CR36","unstructured":"Intel, Intel 64 and IA-32 Architectures Software Developer\u2019s Manual, Intel documentation, vol. 2, pp. 2\u20138 (2019)"},{"key":"347_CR37","unstructured":"William Swanson, Understanding Intel Instruction Sizes, Swanson Technologies (2003). https:\/\/www.swansontec.com\/sintel.html"},{"key":"347_CR38","unstructured":"Intel, Intel 64 and IA-32 Architectures Software Developer\u2019s Manual, Intel documentation, vol. 2, pp. 2\u201320 (2019)"},{"key":"347_CR39","unstructured":"x64dbg community, x64dbg debugger (2013). https:\/\/x64dbg.com\/"},{"key":"347_CR40","unstructured":"Oleksenko, O., et al.: Intel MPX explained: a cross-layer analysis of the intel MPX system stack. In: Proceedings of the ACM on Measurement and Analysis of Computing Systems (2018). https:\/\/intel-mpx.github.io\/code\/submission.pdf"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-020-00347-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-020-00347-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-020-00347-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,3,5]],"date-time":"2021-03-05T01:01:05Z","timestamp":1614906065000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-020-00347-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,5]]},"references-count":40,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,6]]}},"alternative-id":["347"],"URL":"https:\/\/doi.org\/10.1007\/s11416-020-00347-x","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,3,5]]},"assertion":[{"value":"9 August 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 January 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 March 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}