Review Article
Classification and Analysis of Security Techniques for the User Terminal Area in the Internet Banking Service
Table 7
Classification of preventive obfuscation.
| Classification by feature | Detailed classification |
| Unique transformation method | Hardware breakpoint detection | Detecting breakpoints by CRC | Ring3 debugger detection via LDR_MODULE | Context modification | Kernel32!CloseHandle and NtClose | popf and trap flag | User-mode timers | INT 2Dh debugger detection | LordPE anti-dumping | RDG OEP signature spoofing | Stack segment register | Using the CMPXCHG8B with the lock prefix | CheckRemoteDebuggerPresent windows API | Debug register manipulation |
| Targeted transformation method | OllyDbg INT3 exception detection | OllyDbg IsDebuggerPresent detection | OllyDbg instruction prefix detection | OllyDbg OpenProcess string detection | PEID GenOEP spoofing | PEID OEP signature spoofing | ProcDump PE header corruption |
|
|