Thread
:
Using RtlAdjustPrivilege to detect debugger.
View Single Post
#
2
03-05-2015, 00:38
Archer
retired
Join Date: Aug 2005
Posts: 239
Rept. Given: 1
Rept. Rcvd 46 Times in 19 Posts
Thanks Given: 3
Thanks Rcvd at 387 Times in 57 Posts
Detection by opening csrss process is based on the similar principle. It can be fixed by running a debuggee with a privilege-stripped token.
Archer
View Public Profile
Find all posts by Archer