Quote:
Originally Posted by ferrit.rce
I've a test code for this and it's relevant only in some rare circumstances. The user mode debugger can be detected only if a kernel mode debugger is installed, running and the program debugged under the user mode debugger. I've never seen this protection in any protector but I can implement it in no time This will be done in the next release...
|
That's not even quite true. It's not detecting any user-mode debugger. It's detecting that a kernel debugger is running and that the process has the SeDebugPrivilege, which is completely independent of any user-mode debugger.
It's not a reliable detection method.