Defeating Debuggers: Part One
Basic Techniques for Fighting Anti-Debugging

Some software doesn't want to be analyzed. Developers build in "anti-debugging" defenses to protect intellectual property, to implement anti-cheat mechanisms in games, or, in the case of malware, to slow down analysts. These are tricks that detect the presence of a debugger (such as GDB) and then alter the program's behavior, feed it bogus results, or simply crash it so that the analyst never sees the real code path. We will look at two common anti-debugging techniques used on Linux and show how to defeat them. The tool we will use is LD_PRELOAD, an environment variable honored by the Linux dynamic linker: it names a shared library to be loaded before every other library, so any function that library defines shadows the version the program expected to get from libc. By preloading our own implementations of the functions an anti-debugging check relies on, we can make those checks report "no debugger here" and regain control, allowing us to analyze the code as intended. Keep in mind the limits of the approach: the dynamic linker ignores LD_PRELOAD for setuid binaries, and it cannot intercept a statically linked program or a check that issues the system call directly instead of going through libc. ...