Search Evasion Techniques
Names, Techniques, Definitions, Keywords
1 item(s) found so far for this keyword.
Detection of guard pages is somewhat rare and based on imitation of debugger behavior - i.e. creation of PAGE_GUARD memory page and accessing it, previously put return address onto the stack. If STATUS_GUARD_PAGE_VIOLATION occurs, it’s assumed no debugging is in place.