idq000
07-28-2006, 09:37 AM
Hello!
I was wondering if any of the geniuses out there have some antidebugging tricks/tips/techniques. I have seen the same things over and over again and was wondering if there would be any interesting techniques to KILL or GET RID OF debuggers. Yes, I have seen the Regmon class searches, VxD tricks, stupid IsDebuggerPresent calls, probing processes through CreateToolhelp32Snapshot.
Well, I was thinking maybe I could first create a parent-child process scheme in which the parent creates a process through CreateProcess and the child process would call DebugActiveProcess on the parent by having the parent pass the Process ID to the child by sending a message. The child process would then call the parent process using DebugActiveProcess on the parent, and if it fails, it probably means it is being debugged, so I can...?
Any suggestions?
Thanks, I will be looking forward to your replies.