by _8j50 1024 days ago
Windows also has many similar evasion techniques, like checking if there is a top-level exception handler. I use ScyllaHide, but even on gdb you can break at ptrace and patch it, or, for automated analysis, just flag anything that used ptrace but isn't a debugger and run it in a sandbox without ptracing it. The audit subsystem might be enough.

https://github.com/x64dbg/ScyllaHide
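The Linux ptrace self-check the comment refers to, with the gdb break-and-patch workflow as comments, plus the related TracerPid check from /proc/self/status that needs no ptrace call at all. This is an added example, not code from the comment or from ScyllaHide; the binary name, the sample status text and the gdb register patching (x86-64, where the return value is in rax) are assumptions.

```c
/* Added example, Linux only. Build: gcc -o antidbg antidbg.c
 *
 * Two classic debugger checks. The first is the one you break on and patch:
 *
 *   gdb ./antidbg
 *   (gdb) break ptrace      # stop in the libc wrapper
 *   (gdb) run
 *   (gdb) finish            # back in traceme_check(); rax holds -1
 *   (gdb) set $rax = 0      # patch the result so the check passes
 *   (gdb) continue
 *
 * The second reads /proc/self/status and never calls ptrace, so a breakpoint on
 * ptrace does not catch it; you would intercept the file read instead. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <unistd.h>

/* Check 1: a process can have only one tracer, so PTRACE_TRACEME fails with
 * EPERM when a debugger is already attached. Side effect: on success this
 * process is now traced by its parent, so call it only once and not from
 * code that may later stop on a signal. Returns 1 if a tracer was detected. */
int traceme_check(void)
{
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        return errno == EPERM ? 1 : 0;
    return 0;
}

/* Check 2: parse the "TracerPid:" line of a /proc/<pid>/status text.
 * Returns the tracer pid (0 when untraced), or -1 if the line is missing. */
long tracer_pid_from_status(const char *status_text)
{
    const char *p = strstr(status_text, "TracerPid:");
    if (p == NULL)
        return -1;
    return strtol(p + strlen("TracerPid:"), NULL, 10); /* strtol skips the tab */
}

/* Reads this process's own status file and parses it. -1 on read failure. */
long tracer_pid(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf);
}

/* Constructed sample of what /proc/self/status looks like with gdb (pid 4242)
 * attached; used only to demonstrate the parser offline. */
static const char SAMPLE_TRACED_STATUS[] =
    "Name:\tantidbg\nUmask:\t0022\nState:\tt (tracing stop)\n"
    "Tgid:\t31337\nPid:\t31337\nPPid:\t4242\nTracerPid:\t4242\nUid:\t1000\n";

int main(void)
{
    printf("sample status parses to TracerPid %ld\n",
           tracer_pid_from_status(SAMPLE_TRACED_STATUS));
    long tp = tracer_pid();
    printf("/proc/self/status: %s (TracerPid %ld)\n",
           tp > 0 ? "debugger attached" : "no tracer", tp);
    printf("PTRACE_TRACEME: %s\n",
           traceme_check() ? "debugger attached" : "no debugger");
    return 0;
}
```

For the audit route the comment mentions, the ptrace syscall can be logged with a rule such as `auditctl -a always,exit -F arch=b64 -S ptrace -k ptrace_use` (assumed standard auditctl syntax); a record with `syscall=ptrace` and `a0=0` (PTRACE_TRACEME) from a binary that is not a known debugger is the signal to route the sample to a sandbox that observes it without ptrace.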