by hleach 2443 days ago
I agree. I'm not sure I understand your point though. This isn't contrary to anything I said. I mention unpacking which would be a pre-debugger process.

I believe you are just being pedantic about my use of the word "debugging" to include things like unpacking, static analysis, and a variety of tools and processes used.


The binaries aren't pre-encrypted here; the dynamic nature is the whole point. There's nothing to unpack since you just reference the binary, and no added work for the debugger.

So when you say

> For example, it appears that to combat ROP they are additionally encrypting the code segment of the program and decrypting on an as-needed basis. I am absolutely sure this would make debugging more difficult.

It's just not true.

So yes, you are correct, it's being encrypted dynamically at the hardware level.

You just debug in a system without these protections turned on, then.

No, I'm saying you don't have to turn off these protections.

Like, can you give an example of a debugging task you have carried out that requires reading the code segment of the running process?

Required? No, but I didn't say impossible. I said "more difficult".

Made easier by? Most everything ever loaded in a debugger.

Just for an example: how about debugging a non-trivial issue between a program and a dynamically loaded library?

You can't just scan the IAT/PLT. You are going to have to find load points or manually step through, and maybe calculate function offsets in the library. Not impossible at all.

It is however something you could have just quickly glanced at and found otherwise.