Breakpoints
A breakpoint is a special instruction in the executable code. When such a breakpoint is reached during execution of a program, the execution of the program stops.
If a debugger has established a handler for the breakpoint, the execution is resumed in the debugger's breakpoint handler, typically to analyze the debuggee and issue further debugger commands.
Anti-debugging techniques
Check if a debugger is attached (Windows: PEB.IsDebugged).
Scan for int 3 instructions.
Check the time it takes to run through a specific portion of the code. The assumption is that a debugging entity slows down the execution time. The rdtsc instruction (x86/x64) is useful for that.
Try to detect virtual machines.
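What the int 3 scan listed above actually sees, as an added example that is not part of the original page: a software breakpoint overwrites the first byte of an instruction with 0xCC, but the same byte also occurs as operand data and padding, so a plain byte scan reports hits even without a debugger. The byte sequence and the function names count_cc_bytes and find_patched_int3 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INT3 0xCC /* one-byte encoding of the x86 int 3 instruction */

/* Constructed sample: a tiny x86-64 function as it exists on disk. */
static const uint8_t baseline[] = {
    0x55,                         /*  0: push rbp                   */
    0x48, 0x89, 0xE5,             /*  1: mov  rbp, rsp              */
    0xB8, 0xCC, 0x00, 0x00, 0x00, /*  4: mov  eax, 0xCC (immediate) */
    0x5D,                         /*  9: pop  rbp                   */
    0xC3,                         /* 10: ret                        */
    0xCC                          /* 11: padding after the function */
};

/* Naive scan: counts every 0xCC byte, whether opcode, operand or padding. */
size_t count_cc_bytes(const uint8_t *code, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (code[i] == INT3);
    return n;
}

/* Baseline scan: reports offsets where 0xCC replaced a different byte. */
size_t find_patched_int3(const uint8_t *ref, const uint8_t *cur, size_t len,
                         size_t *offsets, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (cur[i] == INT3 && ref[i] != INT3) {
            if (n < max) offsets[n] = i;
            n++;
        }
    return n;
}

int main(void)
{
    uint8_t in_memory[sizeof baseline];
    size_t hits[4];
    memcpy(in_memory, baseline, sizeof baseline);
    in_memory[1] = INT3; /* what a debugger does to break at "mov rbp, rsp" */
    printf("naive, clean copy:   %zu\n", count_cc_bytes(baseline, sizeof baseline));
    printf("naive, patched copy: %zu\n", count_cc_bytes(in_memory, sizeof in_memory));
    size_t n = find_patched_int3(baseline, in_memory, sizeof baseline, hits, 4);
    printf("baseline diff: %zu hit(s), first at offset %zu\n", n, n ? hits[0] : 0);
    return 0;
}
```

The naive count is already non-zero on the clean copy, which is why such checks usually compare against a known-good copy or a checksum of the code instead of counting 0xCC bytes.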