Crashing malware analysis tools
Various techniques can be used to crash analysis tools. One is a highly complicated recursive function that makes IDA, Ghidra or any other tool run out of memory and crash, and that can take down the virtual machine the tool is running in as well.
Practical example
Here’s a simple example in C that demonstrates a technique for crashing analysis tools by using highly complicated recursive functions: https://github.com/PacktPublishing/Malware-Development-for-Ethical-Hackers/blob/main/chapter07/05-crashing-tools/hack.c.
In this practical example, recFunction is intentionally designed to consume a large amount of stack space because of its recursion. When called with a large input value, it causes a stack overflow, crashing the analysis tool, or the virtual machine, that attempts to execute it.
Compile it:
$ x86_64-w64-mingw32-g++ hack.c -o hack.exe -I/usr/share/mingw-w64/include/ -s -ffunction-sections -fdata-sections -Wno-write-strings -fno...
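The defensive counterpart, as an added example that is not from the book or the linked repository: a small Linux harness that runs a sample's function in a forked child whose stack is capped with setrlimit, so that a stack-exhausting recursion like recFunction kills only the child and the analysis process (or VM) survives. deep_recursion is a constructed stand-in for the book's recFunction; run_bounded and the outcome names are assumed for this example.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* How the resource-limited child ended. */
enum outcome { RUN_OK = 0, RUN_CRASHED = 1, RUN_ERROR = 2 };

/* Constructed stand-in for the book's recFunction: non-tail recursion with a
 * large volatile frame, so every call really consumes stack and the compiler
 * cannot turn the recursion into a loop. */
static long deep_recursion(long n) {
    volatile char frame[4096];
    frame[0] = (char)n;
    if (n == 0) return 0;
    return deep_recursion(n - 1) + frame[0];
}

/* Fork, cap the child's stack at stack_bytes, run fn(arg) in the child and
 * report how it ended. Linux checks RLIMIT_STACK when the main-thread stack
 * grows, so a runaway recursion gets SIGSEGV in the child only; the parent
 * (the analysis harness) keeps running and can log the crash. */
enum outcome run_bounded(long (*fn)(long), long arg, rlim_t stack_bytes) {
    pid_t pid = fork();
    if (pid < 0) return RUN_ERROR;
    if (pid == 0) {
        struct rlimit rl = { stack_bytes, stack_bytes };
        if (setrlimit(RLIMIT_STACK, &rl) != 0) _exit(2);
        fn(arg);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return RUN_ERROR;
    if (WIFSIGNALED(status)) return RUN_CRASHED;   /* SIGSEGV on stack overflow */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return RUN_OK;
    return RUN_ERROR;
}

int main(void) {
    /* 1 MiB stack cap: a shallow call completes, a deep one crashes the child. */
    enum outcome shallow = run_bounded(deep_recursion, 10, 1 << 20);
    enum outcome deep = run_bounded(deep_recursion, 1000000, 1 << 20);
    printf("shallow=%d deep=%d (harness still alive)\n", shallow, deep);
    return 0;
}
```

An analysis sandbox or VM should apply the same idea at the process level (ulimit -s, RLIMIT_AS, cgroup memory limits) around IDA, Ghidra or the emulator, so an exhausting sample ends one job rather than the whole machine.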