When developing software, it's sometimes necessary to check, at runtime if the application is running under the presence of a debugger. Sometimes, the goal is to stop the application from running under a debugger to slow reversing attempts. Conversely, a reverse engineer may run across the checks that the developer placed.
This repository hosts code that shows some of the trivial ways that are commonly encountered in the wild. Note that bypassing this class of check has been almost entirely automated by modern disassemblers.
IsDebuggerPresent - Basic Win32 API call to check for the presence of a debugger
OutputDebugString - Use the Win32 API to tryto communicate with a potentially attached debugger
FindWindow - Use the Win32 API to search for debugger windows
ReadTEB - A brief look at the internals of IsDebuggerPresent
DebugBreak - A win32 call that will throw when a debugger isn't attached (sounds weird I know).
CheckRemoteDebuggerPresent - IsDebuggerPresent for external processes