Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

I create makin to make initial malware assessment little bit easier for me, I think it's useful for others as well, It helps to reveal a debugger detection techniques used by a sample.

Any feedback is greatly appreciated: @_qaz_qaz

How does it work?

makin opens a sample as a debuggee and injects asho.dll(main module renames all dlls before injection), asho.dll hooks several functions at ntdll.dll and kernelbase.dll libraries and after parameters checkings, it sends the corresponding message to the debugger (makin.exe).

makin also generates a script for IDA Pro to set breakpoints at detected APIs.

At this moment, makin can reveal following techniques:

ntdll.dll:

kernelbase.dll:

You can add more VM checks via editing checks.json file, without modification of the executable

That's all for now, you can add as much as you wish :)

Third-party

DEMO:

makin_demo

About

makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]

Topics

Resources

License

Packages

No packages published
You can’t perform that action at this time.