Exetools  

Go Back   Exetools > General > Source Code
Reload this Page [C++] Simple Anti-Debug trick
Register Forum Rules FAQ Calendar

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-17-2022, 20:13
morgot morgot is offline
Friend
  
Join Date: Feb 2020
Posts: 22
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 9
Thanks Rcvd at 11 Times in 8 Posts
morgot Reputation: 0
Post
In my system don't works.. I can't see attach, and re-write code:
Code:
call GetCommandLineA


mov ebx,eax ;save ptr cmdline 


xor ecx,ecx
push ecx ;hTemplateFile
push ecx ;dwFlagsAndAttributes
push OPEN_EXISTING ;dwCreationDisposition
push ecx
push FILE_SHARE_READ + FILE_SHARE_WRITE
push GENERIC_READ
push ebx
call CreateFileA
Always return -1

But - if I remove quotes (insert after getcommandline call)
Code:
mov ebx,eax ;save ptr cmdline 
push eax
call lstrlenA
dec eax ;sub quote
mov byte ptr [ebx + eax],0 ;remove end quote
inc ebx ;remove start quote
it open file success under debuger.

x64dbg, win10.
Reply With Quote
The Following User Says Thank You to morgot For This Useful Post:
niculaita (07-19-2022)
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Similar Threads
Thread Thread Starter Forum Replies Last Post
C# Anti-Debug and Anti-Dumping (source code) Zeokat Source Code 0 12-29-2021 04:06
how to handle this super annoying anti trace trick niom General Discussion 8 04-14-2007 05:45
implement a simple thread-safe debug printf logger under MS VC++ WhoCares General Discussion 3 01-06-2005 15:59


All times are GMT +8. The time now is 11:11.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )