[C++] Simple Anti-Debug trick
Hello guys
I was working with ThunderSoft DRM a few days ago.
The interesting thing I found was a simple debugger identification technique (not directly) that I decided to implement in the C++ programming language after analysis.
The steps are:
1- GetCommandLine (retrieves the command line)
2- Clean the GetCommandLine output
3- Pass the output to lpFileName in CreateFile
4- Use the OPEN_EXISTING flag in dwCreationDisposition
So, if the process was opened in a debugger, the handle returned by CreateFile is -1.
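An added C++ reproduction of the four steps above (example code written for this page, not ThunderSoft's code and not from the original post). The command-line cleaning in step 2 is portable; the CreateFile part compiles only under _WIN32, and the access and share mode passed to CreateFile are assumptions, since the post does not state them.

```cpp
#include <string>
#include <string_view>
#ifdef _WIN32
#include <windows.h>
#endif

// Step 2 from the post: reduce the raw command line to just the executable
// path. The first argument may be quoted ("C:\dir with spaces\app.exe" ...)
// or bare (app.exe ...); everything after it is dropped.
std::string cleanCommandLine(std::string_view cmd) {
    std::size_t start = cmd.find_first_not_of(" \t");
    if (start == std::string_view::npos) return {};
    cmd.remove_prefix(start);
    if (cmd.front() == '"') {
        std::size_t close = cmd.find('"', 1);
        std::string_view inner = (close == std::string_view::npos)
            ? cmd.substr(1)              // unterminated quote: take the rest
            : cmd.substr(1, close - 1);
        return std::string(inner);
    }
    std::size_t end = cmd.find_first_of(" \t");  // npos -> whole string
    return std::string(cmd.substr(0, end));
}

#ifdef _WIN32
// Steps 1, 3 and 4: open our own image by the path taken from GetCommandLine
// with OPEN_EXISTING. The post says the call returns INVALID_HANDLE_VALUE (-1)
// when the process was started under a debugger. Access and share mode are
// not given in the post; GENERIC_READ / FILE_SHARE_READ are assumed here.
bool debuggerSuspected() {
    std::string self = cleanCommandLine(GetCommandLineA());
    HANDLE h = CreateFileA(self.c_str(), GENERIC_READ, FILE_SHARE_READ, nullptr,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr);
    if (h == INVALID_HANDLE_VALUE) {
        // Caveat: OPEN_EXISTING also fails when the path simply does not
        // resolve (renamed or relocated image, relative path from another
        // working directory), so this check cannot tell that case apart
        // from a debugger.
        return true;
    }
    CloseHandle(h);
    return false;
}
#endif
```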