A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
ThomasThelen/Anti-Debugging
This repository hosts code that shows some of the trivial ways to detect the presence of a debugger in Windows applications. More thorough resources can be found in other GitHub repositories and in Peter Ferrie's The "Ultimate" Anti-Debugging Reference. The examples are organized by functionality.
To build the project, run the following from build/:

    cmake ../
    cmake --build .

The ReadTEB example makes use of __asm, which isn't supported on x64, and is excluded from the makefile.
These are some checks that can be run from within the source of an application.
IsDebuggerPresent - Basic Win32 API call to check for the presence of a debugger
OutputDebugString - Use the Win32 API to try to communicate with a potentially attached debugger
FindWindow - Use the Win32 API to search for debugger windows
ReadTEB - A brief look at the internals of IsDebuggerPresent
DebugBreak - A Win32 call that will throw when a debugger isn't attached.
Checking external processes for the presence of an attached debugger.
CheckRemoteDebuggerPresent - IsDebuggerPresent for external processes
Anti Reverse Engineering Protection Techniques to Use Before Releasing Software