Breaking Signatures

Memory signatures can be an effective method of identifying allocated objects and can serve as a low level baseline in order to detect objects hidden by several different methods. Although the memory signature detection method may be effective, it doesn't come without its own set of problems. Many signatures can be evaded using several different techniques and non-evadable signatures for objects, if any exist, have yet to be explored. The following sections discuss issues and counter measures related to defeating memory signatures.

• Pointer Based Signatures
• N-Depth Pointer Validation
• Miscellaneous