{"title":"Hard-Detours: A new technique for dynamic code analysis","authors":"A. Osama Abo El-Mal, M. Sobh, A. Eldin","doi":"10.1109/EUROCON.2013.6624964","DOIUrl":null,"url":null,"abstract":"Dynamic code analysis for malware detection has become the heart of modern security tools. Some researchers target Microsoft Detours system to perform the dynamic analysis in window environment. This paper reveals some weakness in Microsoft Detours system. It introduces a mechanism (Anti-Detours) to escape from the code analysis trap. The paper proposes a new technique (Hard-Detours) to perform the dynamic code analysis. It intercepts the communication between the application and the system. The interception mechanism depends on the nature of each system call, to avoid detection, removal and bypassing techniques. The proposed technique is implemented for windows 32 Bit Portable Executables. Both analysis techniques are tested over a set of executables with and without the breaking mechanism.","PeriodicalId":136720,"journal":{"name":"Eurocon 2013","volume":"158 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Eurocon 2013","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EUROCON.2013.6624964","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3
Abstract
Dynamic code analysis for malware detection has become the heart of modern security tools. Some researchers target the Microsoft Detours system to perform dynamic analysis in a Windows environment. This paper reveals some weaknesses in the Microsoft Detours system. It introduces a mechanism (Anti-Detours) to escape from the code analysis trap. The paper proposes a new technique (Hard-Detours) to perform dynamic code analysis. It intercepts the communication between the application and the system. The interception mechanism depends on the nature of each system call, to avoid detection, removal and bypassing techniques. The proposed technique is implemented for Windows 32-bit Portable Executables. Both analysis techniques are tested over a set of executables with and without the breaking mechanism.
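The weakness the abstract alludes to is that a Detours-style hook lives in the hooked function's own prologue: the engine overwrites the first bytes of the target with a jump to its detour, so a sample that reads its own imports can see the patch, follow it to the analysis code, or simply put the original bytes back. The following is an added example, not code from the paper (whose exact Anti-Detours mechanism the abstract does not give): a small x86 prologue checker for 32-bit PE code that recognizes the three common inline-hook shapes (the 5-byte `E9` jump Detours writes, the `EB F9` hot-patch short jump into the padding before the function, and a `push`/`ret` absolute jump), recovers the detour address, and restores a pristine prologue from a clean copy. The addresses, the detour target and the prologue bytes are constructed for the demo; in a live process the pristine bytes would come from the module on disk and the page would first need `VirtualProtect` to be made writable.

```c
/* Inline-hook (Detours-style) detection and removal on x86 prologues.
 * Added example; all addresses and bytes below are constructed demo data. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef enum {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,  /* E9 rel32 over the first 5 bytes: the classic Detours patch */
    HOOK_HOTPATCH,   /* EB F9 at entry, jumping back to an E9 placed in the padding */
    HOOK_PUSH_RET    /* 68 imm32 C3: absolute jump built from push/ret */
} hook_kind;

/* Encode the 5-byte JMP rel32 a hooking engine writes at `from` to reach `to`.
 * 32-bit addresses: unsigned wraparound is the intended arithmetic. */
static void encode_jmp_rel32(uint8_t out[5], uint32_t from, uint32_t to)
{
    uint32_t rel = to - (from + 5);
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++) out[1 + i] = (uint8_t)(rel >> (8 * i));
}

static uint32_t decode_jmp_rel32(const uint8_t *jmp, uint32_t at)
{
    uint32_t rel = 0;
    for (int i = 0; i < 4; i++) rel |= (uint32_t)jmp[1 + i] << (8 * i);
    return at + 5 + rel;
}

/* Classify the bytes at a function entry. `code` is the first `len` bytes at
 * address `va`; `pre` is the 5 bytes just before it (hot-patch padding) or NULL.
 * On a hit, *target receives the address control is diverted to. */
hook_kind classify_entry(const uint8_t *code, size_t len, const uint8_t *pre,
                         uint32_t va, uint32_t *target)
{
    *target = 0;
    if (len >= 5 && code[0] == 0xE9) {
        *target = decode_jmp_rel32(code, va);
        return HOOK_JMP_REL32;
    }
    /* EB F9 = jmp short -7 from the end of the instruction: lands at va-5. */
    if (len >= 2 && code[0] == 0xEB && code[1] == 0xF9 && pre && pre[0] == 0xE9) {
        *target = decode_jmp_rel32(pre, va - 5);
        return HOOK_HOTPATCH;
    }
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {
        uint32_t abs = 0;
        for (int i = 0; i < 4; i++) abs |= (uint32_t)code[1 + i] << (8 * i);
        *target = abs;
        return HOOK_PUSH_RET;
    }
    return HOOK_NONE;
}

/* Put the pristine prologue back (e.g. bytes read from the DLL's .text on disk).
 * Returns how many bytes differed; 0 means the entry was untouched.
 * A real process must make the page writable first (VirtualProtect). */
size_t restore_prologue(uint8_t *live, const uint8_t *pristine, size_t n)
{
    size_t diff = 0;
    for (size_t i = 0; i < n; i++)
        if (live[i] != pristine[i]) { live[i] = pristine[i]; diff++; }
    return diff;
}

/* ---- constructed scenarios (demo data, not taken from a real process) ---- */
#define FUNC_VA   0x77E41200u   /* pretend address of an exported API function */
#define DETOUR_VA 0x10001000u   /* pretend address of the hook's detour function */

/* Typical hot-patchable prologue: mov edi,edi; push ebp; mov ebp,esp; sub esp,0x10 */
static const uint8_t PRISTINE[8] = { 0x8B,0xFF, 0x55, 0x8B,0xEC, 0x83,0xEC,0x10 };

/* Scenario 1: Detours overwrote the first 5 bytes with JMP rel32. */
uint32_t scenario_detours_target(void)
{
    uint8_t live[8]; uint32_t target;
    memcpy(live, PRISTINE, sizeof live);
    encode_jmp_rel32(live, FUNC_VA, DETOUR_VA);          /* the patch */
    return classify_entry(live, sizeof live, NULL, FUNC_VA, &target) == HOOK_JMP_REL32
           ? target : 0;
}

/* Scenario 2: hot-patch style; the long jump sits in the padding before the
 * function and mov edi,edi became a short jump back to it. */
uint32_t scenario_hotpatch_target(void)
{
    uint8_t pre[5], live[8]; uint32_t target;
    memcpy(live, PRISTINE, sizeof live);
    encode_jmp_rel32(pre, FUNC_VA - 5, DETOUR_VA);
    live[0] = 0xEB; live[1] = 0xF9;
    return classify_entry(live, sizeof live, pre, FUNC_VA, &target) == HOOK_HOTPATCH
           ? target : 0;
}

/* Scenario 3: unpatched prologue. */
int scenario_clean_kind(void)
{
    uint32_t target;
    return (int)classify_entry(PRISTINE, sizeof PRISTINE, NULL, FUNC_VA, &target);
}

/* Scenario 4: detect, then unhook; returns bytes repaired, or -1 on failure. */
int scenario_restore(void)
{
    uint8_t live[8]; uint32_t target;
    memcpy(live, PRISTINE, sizeof live);
    encode_jmp_rel32(live, FUNC_VA, DETOUR_VA);
    if (classify_entry(live, sizeof live, NULL, FUNC_VA, &target) == HOOK_NONE)
        return -1;
    size_t fixed = restore_prologue(live, PRISTINE, sizeof live);
    return memcmp(live, PRISTINE, sizeof live) == 0 ? (int)fixed : -1;
}

int main(void)
{
    printf("detours  -> 0x%08X\n", scenario_detours_target());
    printf("hotpatch -> 0x%08X\n", scenario_hotpatch_target());
    printf("clean    -> kind %d\n", scenario_clean_kind());
    printf("restore  -> %d bytes repaired\n", scenario_restore());
    return 0;
}
```

This is the whole reason a user-mode prologue patch is a weak interception point: the check costs a handful of byte compares per import, and the restore undoes the hook without the analysis tool noticing. An interception placed where the call actually crosses into the system, which is what the abstract's Hard-Detours aims at, is not exposed to this check.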