Which term describes a disassembly-evading technique using specially crafted code or data to produce an incorrect program listing?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which term describes a disassembly-evading technique using specially crafted code or data to produce an incorrect program listing?

Explanation:
The main idea here is how attackers use tricks in the code layout to foil static analysis by a disassembler. Anti-disassembly refers to methods embedded in the binary (specially crafted code and data patterns) that cause a disassembler to produce an incorrect or misleading listing of what the program does. This includes techniques like misaligned or overlapping instructions, inserting data within code sections, or self-modifying code that changes after being loaded. The result is a disassembly that doesn't reflect the real execution, making it harder for analysts to understand the program.

This is different from anti-debugging, which aims to foil dynamic analysis by a debugger (timing checks, breakpoints, or debugger presence tricks). It's also distinct from anti-heuristics, which try to defeat heuristic-based detection in security tools. Add-on viruses, finally, describe parasites that piggyback on legitimate software, not analysis-resistant code.

So, the term described is anti-disassembly: the one that captures techniques used to thwart disassembly by crafting code and data to produce an incorrect program listing.
