RDTSC

The Read-Time-Stamp-Counter (RDTSC) instruction can be used by malware to determine how quicky the processor excutes the program’s instructions. It returns the count of the number of ticks since the last system reboot as a 64-bit value placed into EDX:EAX.

It will execute RDTSC twice and then calculate the difference between low order values and check it with CMP condition. If the difference lays below 0FFFh no debugger is found if it is above or equal then application is debugged.

Additional Resources

Subscribe to our Newsletter and don't miss important updates