├── ASMsrc ├── README.md ├── anti-vm_in_instruction.ASM ├── anti_disassembly_yason.ASM ├── api_hash.ASM ├── api_hash_stealth.ASM ├── call_trick.ASM ├── code_transposition.ASM ├── ep_not_exec.ASM ├── fakecode.ASM ├── fakejump.ASM ├── fakemath.ASM ├── garbage_bytes.ASM ├── hardware_bp.ASM ├── heapflags.ASM ├── instr_substitution.ASM ├── instruction_counting.ASM ├── middle_instruction.ASM ├── nop_sequence.ASM ├── ntglobal.ASM ├── peb.ASM ├── program_control_flow.ASM ├── pushret.ASM ├── rdtsc.ASM ├── register_reassignment.ASM ├── softice.ASM ├── software_bp.ASM └── ss_register.ASM ├── Csrc ├── README.md ├── VMDetection │ ├── VMDetection.sln │ ├── VMDetection.suo │ └── VMDetection │ │ ├── ReadMe.txt │ │ ├── VMDetection.cpp │ │ ├── VMDetection.vcxproj │ │ ├── VMDetection.vcxproj.filters │ │ └── VMDetection.vcxproj.user └── fcall_examples │ ├── .DS_Store │ ├── fcall_examples.sln │ ├── fcall_examples.suo │ ├── fcall_examples │ ├── .DS_Store │ ├── ReadMe.txt │ ├── defs.h │ ├── defs2.h │ ├── fcall_examples.cpp │ ├── fcall_examples.vcxproj │ ├── fcall_examples.vcxproj.filters │ ├── fcall_examples.vcxproj.user │ └── ntDefs.h │ └── ipch │ └── fcall_examples-e4364cbf │ └── fcall_examples-cedde00c.ipch ├── README.md ├── blackhat2012-paper.pdf └── blackhat2012-presentation.pdf /ASMsrc/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/README.md -------------------------------------------------------------------------------- /ASMsrc/anti-vm_in_instruction.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/anti-vm_in_instruction.ASM -------------------------------------------------------------------------------- /ASMsrc/anti_disassembly_yason.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/anti_disassembly_yason.ASM -------------------------------------------------------------------------------- /ASMsrc/api_hash.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/api_hash.ASM -------------------------------------------------------------------------------- /ASMsrc/api_hash_stealth.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/api_hash_stealth.ASM -------------------------------------------------------------------------------- /ASMsrc/call_trick.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/call_trick.ASM -------------------------------------------------------------------------------- /ASMsrc/code_transposition.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/code_transposition.ASM -------------------------------------------------------------------------------- /ASMsrc/ep_not_exec.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/ep_not_exec.ASM -------------------------------------------------------------------------------- /ASMsrc/fakecode.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/fakecode.ASM -------------------------------------------------------------------------------- /ASMsrc/fakejump.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/fakejump.ASM -------------------------------------------------------------------------------- /ASMsrc/fakemath.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/fakemath.ASM -------------------------------------------------------------------------------- /ASMsrc/garbage_bytes.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/garbage_bytes.ASM -------------------------------------------------------------------------------- /ASMsrc/hardware_bp.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/hardware_bp.ASM -------------------------------------------------------------------------------- /ASMsrc/heapflags.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/heapflags.ASM -------------------------------------------------------------------------------- /ASMsrc/instr_substitution.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/instr_substitution.ASM -------------------------------------------------------------------------------- /ASMsrc/instruction_counting.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/instruction_counting.ASM -------------------------------------------------------------------------------- /ASMsrc/middle_instruction.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/middle_instruction.ASM -------------------------------------------------------------------------------- /ASMsrc/nop_sequence.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/nop_sequence.ASM -------------------------------------------------------------------------------- /ASMsrc/ntglobal.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/ntglobal.ASM -------------------------------------------------------------------------------- /ASMsrc/peb.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/peb.ASM -------------------------------------------------------------------------------- /ASMsrc/program_control_flow.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/program_control_flow.ASM -------------------------------------------------------------------------------- /ASMsrc/pushret.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/pushret.ASM -------------------------------------------------------------------------------- /ASMsrc/rdtsc.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/rdtsc.ASM -------------------------------------------------------------------------------- /ASMsrc/register_reassignment.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/register_reassignment.ASM -------------------------------------------------------------------------------- /ASMsrc/softice.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/softice.ASM -------------------------------------------------------------------------------- /ASMsrc/software_bp.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/software_bp.ASM -------------------------------------------------------------------------------- /ASMsrc/ss_register.ASM: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/ASMsrc/ss_register.ASM -------------------------------------------------------------------------------- /Csrc/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/README.md -------------------------------------------------------------------------------- /Csrc/VMDetection/VMDetection.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/VMDetection/VMDetection.sln -------------------------------------------------------------------------------- /Csrc/VMDetection/VMDetection.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/VMDetection/VMDetection.suo -------------------------------------------------------------------------------- /Csrc/VMDetection/VMDetection/ReadMe.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/VMDetection/VMDetection/ReadMe.txt -------------------------------------------------------------------------------- /Csrc/VMDetection/VMDetection/VMDetection.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/VMDetection/VMDetection/VMDetection.cpp -------------------------------------------------------------------------------- /Csrc/VMDetection/VMDetection/VMDetection.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/VMDetection/VMDetection/VMDetection.vcxproj -------------------------------------------------------------------------------- /Csrc/VMDetection/VMDetection/VMDetection.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/VMDetection/VMDetection/VMDetection.vcxproj.filters -------------------------------------------------------------------------------- /Csrc/VMDetection/VMDetection/VMDetection.vcxproj.user: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/VMDetection/VMDetection/VMDetection.vcxproj.user -------------------------------------------------------------------------------- /Csrc/fcall_examples/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/.DS_Store -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples.sln -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples.suo -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples/.DS_Store -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples/ReadMe.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples/ReadMe.txt -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples/defs.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples/defs.h -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples/defs2.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples/defs2.h -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples/fcall_examples.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples/fcall_examples.cpp -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples/fcall_examples.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples/fcall_examples.vcxproj -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples/fcall_examples.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples/fcall_examples.vcxproj.filters -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples/fcall_examples.vcxproj.user: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples/fcall_examples.vcxproj.user -------------------------------------------------------------------------------- /Csrc/fcall_examples/fcall_examples/ntDefs.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/fcall_examples/ntDefs.h -------------------------------------------------------------------------------- /Csrc/fcall_examples/ipch/fcall_examples-e4364cbf/fcall_examples-cedde00c.ipch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/Csrc/fcall_examples/ipch/fcall_examples-e4364cbf/fcall_examples-cedde00c.ipch -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/README.md -------------------------------------------------------------------------------- /blackhat2012-paper.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/blackhat2012-paper.pdf -------------------------------------------------------------------------------- /blackhat2012-presentation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bl4ckswan/anti-disassembly/HEAD/blackhat2012-presentation.pdf --------------------------------------------------------------------------------