c0rtado / showstopper

ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ShowStopper - Anti-Debug tricks exploration tool

Contributed by Check Point Software Technologies LTD.
Programmed by Yaraslau Harakhavik

Overview

The ShowStopper project is a tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
With this tool, you can attach a debugger to its process and research the debugger’s behavior for the techniques you need (the virtual addresses of functions that apply to anti-debug techniques are printed to console) and compare them with their implementation. The tool includes a varied set of different techniques from multiple sources, including real-world malware and published documents and articles. The implemented techniques work for the latest Windows releases and for different modern debuggers.

Documenattion

How to install and use the tool, and contribute your findings in the documentation for the project.

System Requirements

  • Windows 7, 8, 8.1, 10 (x86/x86-64)
  • 32-Bit debuggers (OllyDbg, x32dbg, WinDbg, etc.)

References

About

ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.

License:MIT License


Languages

Language:C++ 95.5%Language:C 4.5%