Old 06-19-2022, 21:34
Mahmoudnia is offline
Family
Join Date: Nov 2012
Posts: 228
Rept. Given: 64
Rept. Rcvd 142 Times in 49 Posts
Thanks Given: 198
Thanks Rcvd at 283 Times in 97 Posts
[C++] Simple Anti-Debug trick

Hello guys

I was working with ThunderSoft DRM a few days ago.

The interesting thing I found was a simple (not direct) debugger identification technique that I decided to implement in the C++ programming language after analysis.

The steps are:
1- GetCommandLine (Retrieves the command-line)
2- Clean the GetCommandLine output
3- Pass the output to lpFileName in CreateFile
4- Use OPEN_EXISTING flag in dwCreationDisposition

So, if the process was opened in a debugger, the handle returned by CreateFile is -1.
Attached Files
File Type: rar CreateFile-AntiDebug.rar (272.2 KB, 20 views)
The Following 3 Users Say Thank You to Mahmoudnia For This Useful Post:
niculaita (06-20-2022), NoneForce (07-19-2022)
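The four steps above, written out as an added example for readers who want to recognise the pattern when they meet it in a binary. This is the editor's code, not the contents of the attached CreateFile-AntiDebug.rar, and the function names cleanCommandLine and debuggerSuspectedByCreateFile are my own. Step 2 (taking the executable path out of the raw command line, honouring a double-quoted path) is portable and is the part that actually decides the outcome; steps 1, 3 and 4 are Windows API calls and are compiled only under _WIN32. The post does not say why the open fails when a debugger launched the process, so the code only mirrors the steps as given; the -1 the post mentions is INVALID_HANDLE_VALUE. From an analyst's side, the thing to look for is GetCommandLine feeding CreateFile with OPEN_EXISTING and a comparison against INVALID_HANDLE_VALUE; note also that a failed open has many causes other than a debugger (a relative path in the command line, a different working directory, a launcher that rewrites the command line), so a check like this produces false positives.

```cpp
// Added example illustrating the post's four steps; not the author's attached code.
// cleanCommandLine() and debuggerSuspectedByCreateFile() are hypothetical names.
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// Step 2: "clean" the raw command line by taking its first token. A token that
// starts with a double quote runs to the closing quote, so
//   "C:\Program Files\app.exe" /x   ->   C:\Program Files\app.exe
// Leading whitespace is skipped; an unterminated quote returns the rest of the string.
std::string cleanCommandLine(const std::string& cmdline) {
    size_t i = 0;
    while (i < cmdline.size() && (cmdline[i] == ' ' || cmdline[i] == '\t')) ++i;
    if (i == cmdline.size()) return "";
    if (cmdline[i] == '"') {
        size_t end = cmdline.find('"', i + 1);
        if (end == std::string::npos) return cmdline.substr(i + 1);
        return cmdline.substr(i + 1, end - i - 1);
    }
    size_t end = cmdline.find_first_of(" \t", i);
    return cmdline.substr(i, end == std::string::npos ? std::string::npos : end - i);
}

#ifdef _WIN32
// Steps 1, 3 and 4: read the command line, pass the cleaned path as lpFileName to
// CreateFile with OPEN_EXISTING, and treat INVALID_HANDLE_VALUE (-1) as the
// "opened in a debugger" signal described in the post. Any other open failure
// (bad working directory, relative path, permissions) trips it the same way.
bool debuggerSuspectedByCreateFile() {
    std::string path = cleanCommandLine(GetCommandLineA());
    HANDLE h = CreateFileA(path.c_str(), GENERIC_READ,
                           FILE_SHARE_READ | FILE_SHARE_WRITE, nullptr,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr);
    if (h == INVALID_HANDLE_VALUE) return true;
    CloseHandle(h);
    return false;
}
#endif
```

On a non-Windows build only cleanCommandLine() is available, which is enough to see how the cleaning step behaves on quoted and unquoted command lines; on Windows, debuggerSuspectedByCreateFile() performs the full check against the running process.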