Page 1 of 1
determine if debugger is enabled/disabled
Posted: Tue Jan 31, 2006 3:10 pm
by traumatic
Somone on IRC asked if there's a way to determine whether the
debugger is being used or not. Since there's no "#compilerif-flag"
for this purpose, I came up with this:
Code: Select all
;
; returns #TRUE if debugger is enabled
; #FALSE otherwise
;
Procedure DebuggerEnabled()
!if defined _PB_DEBUGGER_Control
!mov eax, 1
!else
!mov eax, 0
!end if
ProcedureReturn
EndProcedure
Don't know, maybe it's useful to others as well (that's why I'm posting it here
).
Posted: Tue Jan 31, 2006 3:12 pm
by Dare2
Yes it is useful. As is, and for expanding knowledge/horizons.
Thanks.
Posted: Tue Jan 31, 2006 3:12 pm
by dige
Great!!! That's exactly what Im looking for... Thank you :D
Posted: Tue Jan 31, 2006 3:14 pm
by traumatic
dige, didn't we meet on IRC lately?
Posted: Tue Jan 31, 2006 3:14 pm
by Fred
Posted: Tue Jan 31, 2006 3:19 pm
by gnozal
Another (generic) one :
Code: Select all
;
; Inline ASM enabled
;
Procedure TestDebugger()
!RDTSC
XOR Ecx,Ecx
ADD Ecx,Eax
!RDTSC
SUB Eax,Ecx
CMP Eax,$96
JB l_testdebuggerfast
ProcedureReturn 1 ; debugger present
testdebuggerfast:
ProcedureReturn 0 ; no debugger
EndProcedure
;
MessageRequester("", Str(TestDebugger()))
Seems to work for me.
Posted: Wed Feb 01, 2006 10:20 am
by netmaestro
Here on PB 3.94, AMD 64 proc, traumatic code reports correctly, gnozal code says 0 in all cases.
Posted: Wed Feb 01, 2006 12:10 pm
by Max.
netmaestro wrote:Here on PB 3.94, AMD 64 proc, traumatic code reports correctly, gnozal code says 0 in all cases.
AFAIK, gnozal's code times execution speed (which is slower with enabled debuggers). You probably need to adjust the CMP Eax,$96 for a correct result, but probably it does not work with the PB debugger at all.
Posted: Wed Feb 01, 2006 12:43 pm
by thefool
Well i did this:
Code: Select all
Procedure isdebugger()
label:
a=1
If PeekB(?label)=104
ProcedureReturn 1
EndIf
EndProcedure
MessageRequester(Str(isdebugger()),"")
It simply looks at the byte in memory @the label. If the debugger is there it adds some instructions between your own, and then the result isnt the same. This of course only works with the pb debugger, as f.ex ollydbg does not add such stuff.
To detect other debuggers you can use the api command IsDebuggerPresent_().. :
Code: Select all
If IsDebuggerPresent_()
MessageRequester("","Debugger is active!")
Else
MessageRequester("","No debugger")
EndIf
Posted: Wed Feb 01, 2006 6:40 pm
by SFSxOI
What if you want to keep other debuggers from attaching?
Posted: Wed Feb 01, 2006 6:56 pm
by thefool
SFSxOI wrote:What if you want to keep other debuggers from attaching?
Please read what i post
To detect other debuggers you can use the api command IsDebuggerPresent_().. :
Code:
If IsDebuggerPresent_()
MessageRequester("","Debugger is active!")
Else
MessageRequester("","No debugger")
EndIf
notice that its not hard to overrule that check so better hide it. And the api command isnt that hard to find, however its one method to get rid of totally newbie crackers.
Posted: Wed Feb 01, 2006 7:06 pm
by SFSxOI
OK i see it now...duh!