Hi. What are the risks of trying to debug something - As in, whats the most extreme action a program will generally take, if it realises its being debugged?

There are no limits. It could be as benign as closing and/or deleting itself, to attempting to corrupt your Windows registry, delete arbitrary files, and format your hard drive. Here's a particularly malicious example from Fravia's malware page (http://fravia.com/boobytra.htm):


Treat it with great respect. It helps greatly to use a virtual machine e.g. VMware.

book, it may even steal your gal! Watch your back!

Peres

Even worse it could steal your toilet paper! - actually I suspect my recent hard-drive problem was related to debugging - I don't think it was malicious - I just messed with something enough to corrupt a hard-drive sector.

SiGiNT

But seeing as it says on fravias page that the most destructive things programs can do are illegal, would you expect that it would be 'safe' to debug extremely well-known programs? That is, is the really nasty stuff only used by small programs, or programmers working by themselves?

I wouldn't consider any program as being safe unless I've put it in a disassembler and read through every line of it.

Always assume the worst. It's better to be overly careful than to risk have your data wiped out by a malicious program. Do your debugging in a VMware box, or even better, on a sacrificial machine with no data of any value.

If we put a little bit of common sense in the mix, we can assume that "extremely well-known" software (as book names it) typically doesn't screw up your machine when you try to debug it. You never can tell, though, so I won't be responsible if something bad happens to your data anyhow.

Peres

@book:

Debugging is a necessary and intrinsic part of software development. You can safely assume that all software modules have been debugged at one time or another.
Antidebugging protection is a RELATIVELY recent feature and a late add-on in the protection phase of development.

The majority of software can be debugged but a small group have traps in it. The problem is knowing which ones.
So, a touch of paranoia is a good thing, it is not to be taken to extremes.

It is extremely unlikely that much software will include destructive protection. Developers have to weigh protecting their app against destroying the system of a legitimate user. There are many legitimate uses for rce tools (indeed RCE itself is not intrinsically illegal) and the risk of protection misinterpreting a user's actions (for example, legitimately breaking with sice to debug something else) then destroying the o/s is serious and dangerous. In some countries I'm sure it would border on illegal.