Exetools  

Go Back   Exetools > General > Source Code
Reload this Page [C++] Simple Anti-Debug trick
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 06-19-2022, 21:34
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is offline
Family
  
Join Date: Nov 2012
Posts: 239
Rept. Given: 64
Rept. Rcvd 145 Times in 50 Posts
Thanks Given: 210
Thanks Rcvd at 329 Times in 106 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
[C++] Simple Anti-Debug trick
Hello guys

I was working with ThunderSoft DRM a few days ago.

The interesting thing I found was a simple debugger identification technique (Not Directly) that I decided to implement in C++ programming language after analysis.

These steps are :
1- GetCommandLine (Retrieves the command-line)
2- Clean the GetCommandLine output
3- Pass the output to lpFileName in CreateFile
4- Use OPEN_EXISTING flag in dwCreationDisposition

So, if process was open in debugger, the handle of CreateFile is -1.
Attached Files
File Type: rar CreateFile-AntiDebug.rar (272.2 KB, 30 views)
Reply With Quote
The Following 3 Users Say Thank You to Mahmoudnia For This Useful Post:
niculaita (06-20-2022), NoneForce (07-19-2022)
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Similar Threads
Thread Thread Starter Forum Replies Last Post
C# Anti-Debug and Anti-Dumping (source code) Zeokat Source Code 0 12-29-2021 04:06
how to handle this super annoying anti trace trick niom General Discussion 8 04-14-2007 05:45
implement a simple thread-safe debug printf logger under MS VC++ WhoCares General Discussion 3 01-06-2005 15:59


All times are GMT +8. The time now is 18:55.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )