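# Base names of import-table entries that commonly back anti-debugging checks.
# Matching also tolerates the ANSI/Unicode "A"/"W" suffix (see _base_api_name),
# so list the suffix-less name here.
ANTI_DEBUG_APIS = frozenset([
    "IsDebuggerPresent",
    "CheckRemoteDebuggerPresent",
    "NtQueryInformationProcess",
    "OutputDebugString",
])


def _base_api_name(api_name):
    """Return ``api_name`` with one trailing ANSI/Unicode 'A'/'W' suffix removed.

    Win32 string-taking exports are imported under their suffixed names
    (``OutputDebugStringA`` / ``OutputDebugStringW``); an exact match against
    the bare name in the watch list would never fire for them.
    """
    if len(api_name) > 1 and api_name[-1] in ("A", "W"):
        return api_name[:-1]
    return api_name


def highlight_anti_debug_api_calls(anti_debug_apis=None):
    """Log every imported API that is a known anti-debugging primitive.

    Collects the binary's imports via ``get_imports`` (api name -> code
    references to the import), compares each name -- exactly and with an
    ``A``/``W`` suffix stripped -- against ``anti_debug_apis`` and logs the
    matches together with the addresses that reference them.

    Args:
        anti_debug_apis: iterable of API base names to look for; defaults to
            ``ANTI_DEBUG_APIS``.

    Returns:
        dict mapping each matched import name (as imported, suffix included)
        to the list of code-reference addresses recorded for it.  Callers that
        only want the log output may ignore it.

    NOTE(review): this only sees what ``get_imports`` reports, presumably the
    static import table.  APIs resolved at runtime (``GetProcAddress``,
    hash-based lookups), inline ``PEB.BeingDebugged`` reads, timing checks and
    direct syscalls will not show up here, so "no hits" is not evidence that
    the sample has no anti-debugging logic.
    """
    targets = frozenset(ANTI_DEBUG_APIS if anti_debug_apis is None else anti_debug_apis)
    library_calls = {}  # api_name -> CodeRefsTo
    get_imports(library_calls)

    matches = {}
    # .items() rather than .iteritems() so the script also runs under Python 3.
    for api_name, code_refs in library_calls.items():
        if api_name not in targets and _base_api_name(api_name) not in targets:
            continue
        logger.info("Potential Anti-Debug call %s imported", api_name)
        # Materialize first: if the helper stored a CodeRefsTo generator it is
        # always truthy, which a bare truthiness check would mis-read as "has
        # references" even when it yields nothing.
        refs = list(code_refs) if code_refs else []
        matches[api_name] = refs
        if refs:
            logger.info(" - %s called at %s",
                        api_name, ", ".join(["0x%x" % x for x in refs]))
    return matches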