Thread: [C++] Simple Anti-Debug trick
View Single Post
  #2  
Old 07-17-2022, 20:13
morgot morgot is offline
Friend
  
Join Date: Feb 2020
Posts: 20
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 9
Thanks Rcvd at 11 Times in 8 Posts
morgot Reputation: 0
Post
In my system don't works.. I can't see attach, and re-write code:
Code:
call GetCommandLineA


mov ebx,eax ;save ptr cmdline 


xor ecx,ecx
push ecx ;hTemplateFile
push ecx ;dwFlagsAndAttributes
push OPEN_EXISTING ;dwCreationDisposition
push ecx
push FILE_SHARE_READ + FILE_SHARE_WRITE
push GENERIC_READ
push ebx
call CreateFileA
Always return -1

But - if I remove quotes (insert after getcommandline call)
Code:
mov ebx,eax ;save ptr cmdline 
push eax
call lstrlenA
dec eax ;sub quote
mov byte ptr [ebx + eax],0 ;remove end quote
inc ebx ;remove start quote
it open file success under debuger.

x64dbg, win10.
Reply With Quote
The Following User Says Thank You to morgot For This Useful Post:
niculaita (07-19-2022)