Hi
Very good and very fast... I am still doing the test on v006, lol.
Anyway.
For (TitanHideTest):
I made a very tiny change, because letting this prog go in a cycle makes my eyes flash.
Quote:
Test: // <<<<<<<<
    char title[256] = "";
    sprintf(title, "pid: %d", (int)GetCurrentProcessId());
    SetConsoleTitleA(title);
    while(1)
    {
        printf("ProcessDebugFlags: %d\n", CheckProcessDebugFlags());
        printf("ProcessDebugPort: %d\n", CheckProcessDebugPort());
        printf("ProcessDebugObjectHandle: %d\n", CheckProcessDebugObjectHandle());
        printf("NtQueryObject: %d\n", CheckObjectList());
        printf("CheckSystemDebugger: %d\n", CheckSystemDebugger());
        printf("CheckNtClose: %d\n", CheckNtClose());
        //printf("ThreadHideFromDebugger: %d\n", HideFromDebugger());
        puts("");
        //Sleep(1000);
        system("Pause"); // <<<<<<
        printf("\n");    // <<<<<<
        goto Test;       // <<<<<<
    }
|
By the way, I have checked "CheckProcessDebugFlags"
and found something going wrong in ur x64_dbg (x32).
- CheckProcessDebugFlags comes when the debugger tries to handle an exception which is a trap; it could be the coder has used it to check if u debug his software or not. Like this example (Author: Dejan Lukan, with my little tiny changes):
Quote:
Test:
    BOOL bExceptionHit = FALSE;
    __try {
        _asm
        {
            pushfd
            or dword ptr [esp], 0x100 // Set the Trap Flag
            popfd                     // Load value into EFLAGS register
            nop
        }
    }
    __except(EXCEPTION_EXECUTE_HANDLER) {
        bExceptionHit = TRUE;
        // An exception has been raised -
        // there is no debugger.
    }
    if (bExceptionHit == FALSE)
        printf("A debugger is present.\n");
    else
        printf("There is no debugger present.\n");
    /* wait */
    getchar();
    system("Pause");
    goto Test;
    return 0;
|
Anyway, in Olly u can ignore this exception and make the software handle this exception, but in ur debugger x64_dbg (x32), I think ur debugger does not see this exception at all and does not mention it at the command bar and passes it, so the
CheckProcessDebugFlags = 1 in ur debugger.
Lol, a lot of lab lab, sorry for bothering u.
Anyway, my advice is to not ram this (CheckProcessDebugFlags) in kernel mode; let's keep it in user mode by the debugger itself. That is my opinion.
Thanks again for ur good work.