Quote:
|
Originally Posted by Android
So there must be a special trick to detect Unkown debuggers.
Hope someone can reveal it.
|
Maybe this can help you:
*isdebugpresent can detect unknow debuggers.
*comparing firsts bytes of API funcs with CC can detect an unknow debugger.
*setting SetUnhandledExceptionFilter, if you are under a unknow debugger, you can detect it.
*Reading the trap bit ( four debug registers DR0,DR1,DR2,DR3 ).
*if the unknow debugger uses total api redirection you can compare func address with image base.
*in win9x reading the IDT or with VWIN32_Int41Dispatch.
etc...
Regards