Review Article
Classification and Analysis of Security Techniques for the User Terminal Area in the Internet Banking Service
Table 7
Classification of preventive obfuscation.
| | Classification by feature | Detailed classification |
| | Unique transformation method | Hardware breakpoint detection | | Detecting breakpoints by CRC | | Ring3 debugger detection via LDR_MODULE | | Context modification | | Kernel32!CloseHandle and NtClose | | popf and trap flag | | User-mode timers | | INT 2Dh debugger detection | | LordPE anti-dumping | | RDG OEP signature spoofing | | Stack segment register | | Using the CMPXCHG8B with the lock prefix | | CheckRemoteDebuggerPresent windows API | | Debug register manipulation |
| | Targeted transformation method | OllyDbg INT3 exception detection | | OllyDbg IsDebuggerPresent detection | | OllyDbg instruction prefix detection | | OllyDbg OpenProcess string detection | | PEID GenOEP spoofing | | PEID OEP signature spoofing | | ProcDump PE header corruption |
|
|
