Thread: Using RtlAdjustPrivilege to detect debugger.
View Single Post
  #2  
Old 03-05-2015, 00:38
Archer's Avatar
Archer Archer is offline
retired
  
Join Date: Aug 2005
Posts: 239
Rept. Given: 1
Rept. Rcvd 46 Times in 19 Posts
Thanks Given: 3
Thanks Rcvd at 387 Times in 57 Posts
Archer Reputation: 46
Detection by opening csrss process is based on the similar principle. It can be fixed by running a debuggee with a privilege-stripped token.
Reply With Quote