Kernel-mode Software Protection Vulnerability Assessment and Rootkit Reverse Engineering Tool Development
Title: CEO
Phone: (408) 529-4370
Email: derrick@hbgary.com
Title: Vice President
Phone: (301) 652-8885
Email: bob@hbgary.com
Software protection mechanisms are a means of preventing piracy, alteration, and reverse engineering of critical national security software and data. Kernel-mode software protection techniques utilize, in part, rootkit-like methods that provide anti-piracy and anti-reverse engineering protection to critical software applications. The fundamental difficulty associated with rootkits and software protection mechanisms is that each wishes to hide some aspect of its operation from outside observation. In striving to remain unobserved, both types of software may spend some amount of time "on the lookout" for tools that may be used to thwart their respective efforts. The goal of this work is to design and prototype a toolset that can be used for unobserved, dynamic reverse engineering of software programs, even when those programs employ tamper-proofing and anti-reverse engineering techniques. The target programs may exist within a lab or on production machinery. As such, the technology must be in-field deployable into existing machine environments. HBGary offers kernel-mode reverse engineering tools to assist in analyzing rootkits and overcoming tamper-proofing techniques.
* Information listed above is at the time of submission. *