Tamper-proofed software and malicious binaries, commonly referred to as malware, often share similar technological features. Both good and bad guys wish to hinder static and dynamic reverse engineering of their software programs to thwart adversaries from gaining program understanding and to prevent the observation of code behavior. HBGary proposes the Virtual Machine for Analysis (VMA), a full-virtualization machine environment that completely subverts current and upcoming tamper-proofing technologies. Rather than being designed for typical virtual execution of applications and operating systems, VMA will be designed with invasive debugging and data collection capabilities specifically for evaluating tamper-proofed software. This proposal details the use of a high-fidelity, highly-controlled emulation environment to create an undetectable, dynamically reconfigurable VMA. The advantage, is that VMA will perform undetectable debugging; that is, the system being debugged cannot detect that it is being debugged. Traditional native debuggers have trouble debugging such structures because native debuggers rely upon some of these structures being untampered
