Old 09-26-2005, 12:35
Peter[Pan]
 
Posts: n/a
Unseen Debugger Detection (Ollydbg)

Maybe somebody came across this before, but I just came across it in a program. It kept catching me, and I couldn't for the life of me find where. Finally, after a while, I came across the following and emulated it here. Any discussion, if you saw it, would be nice.

The program calls ZwQueryObject with a null handle and fills the OBJECT_ALL_TYPES_INFORMATION structure. It checks if the current object type is "DebugObject"; if it is, it then checks if pObject->TotalNumberOfHandles and pObject->TotalNumberOfObjects are greater than 0. If they are, then the program is being debugged. I didn't try it with SoftICE, as I didn't get it installed yet, but it detects OllyDbg just fine.

Here's the emulated code I wrote, and the compiled exe:
Attached Files
File Type: zip Detect.zip (14.4 KB, 88 views)
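For analysts who have dumped the buffer that this check reads, the following added example (not the poster's attached code) walks it offline and reports the DebugObject counts the program would see. It assumes the commonly documented 32-bit layout: a ULONG type count, then entries with a 0x60-byte header (UNICODE_STRING TypeName, then TotalNumberOfObjects and TotalNumberOfHandles) followed by the name, each entry pointer-aligned. The sample buffers, base address and helper names are constructed for illustration.

```python
import struct

HEADER_SIZE = 0x60  # assumed size of a 32-bit OBJECT_TYPE_INFORMATION header
PTR = 4             # 32-bit pointer size

def align_up(addr, n=PTR):
    return (addr + n - 1) & ~(n - 1)

def parse_all_types(buf, base):
    """Return {type name: (objects, handles)} from a captured buffer.
    base is the address the buffer had in the process, because
    TypeName.Buffer holds an absolute pointer."""
    (count,) = struct.unpack_from("<I", buf, 0)
    off, out = PTR, {}
    for _ in range(count):
        if off + 16 > len(buf):
            raise ValueError("truncated entry header")
        # Length, MaximumLength, Buffer, TotalNumberOfObjects, TotalNumberOfHandles
        length, max_len, name_ptr, n_obj, n_hnd = struct.unpack_from("<HHIII", buf, off)
        name_off = name_ptr - base
        if name_off < 0 or length > max_len or name_off + max_len > len(buf):
            raise ValueError("TypeName points outside the buffer")
        out[buf[name_off:name_off + length].decode("utf-16-le")] = (n_obj, n_hnd)
        # The next entry starts at the aligned address after the name.
        off = align_up(name_ptr + max_len) - base
    return out

def debugger_indicated(types):
    """The condition from the post: a DebugObject type with both counts > 0."""
    n_obj, n_hnd = types.get("DebugObject", (0, 0))
    return n_obj > 0 and n_hnd > 0

def build_sample(entries, base=0x00150000):
    """Build a constructed buffer in the assumed layout (test data only)."""
    buf = bytearray(struct.pack("<I", len(entries)))
    for name, n_obj, n_hnd in entries:
        raw = name.encode("utf-16-le")
        name_ptr = base + len(buf) + HEADER_SIZE
        hdr = struct.pack("<HHIII", len(raw), len(raw) + 2, name_ptr, n_obj, n_hnd)
        buf += hdr.ljust(HEADER_SIZE, b"\0") + raw + b"\0\0"
        buf += b"\0" * (align_up(len(buf)) - len(buf))
    return bytes(buf), base

# Constructed samples: one with a live debug object, one without.
SAMPLE_DEBUGGED, BASE = build_sample(
    [("Type", 30, 0), ("Process", 40, 120), ("DebugObject", 1, 1)])
SAMPLE_CLEAN, _ = build_sample(
    [("Type", 30, 0), ("Process", 40, 120), ("DebugObject", 0, 0)])

if __name__ == "__main__":
    print(debugger_indicated(parse_all_types(SAMPLE_DEBUGGED, BASE)))
```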
 

