Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Learn to overcome modern software protection mechanisms using Dynamic Binary Instrumentation (DBI) in this comprehensive conference talk from Recon 2025. Discover how commercial DRM systems and advanced malware now employ sophisticated anti-debugging routines, anti-tamper mechanisms, and aggressive obfuscation that defeat traditional static analysis and debugger-based approaches. Explore DBI as a powerful alternative that enables real-time observation and manipulation of program execution, bypassing many anti-analysis techniques by instrumenting instructions at runtime. Master the architectural model and strengths of DBI frameworks, with focused instruction on DynamoRIO, an open-source framework supporting IA-32, AMD64, ARM, and AArch64 across Windows, Linux, and Android platforms. Build a custom tracer and dumper from scratch capable of capturing instruction-level execution traces, inspecting memory-resident objects and runtime data, and dumping unpacked code segments for offline analysis. Navigate real-world complexities including multithreaded execution, process spawning, and anti-debugging countermeasures while learning to integrate collected runtime data with tools like IDA Pro to enhance static analysis with dynamic context. Gain practical insights from seven years of DynamoRIO development experience, including techniques used in the award-winning DDR tool from the 2020 IDA Plugin Contest. Access a publicly released DynamoRIO-based tracer as a foundation for developing your own analysis pipelines, with guidance on extending tools further and finding resources for independent projects.
