Awesome Open Source
Awesome Open Source

alt text Project Status: Active – The project has reached a stable, usable state and is being actively developed. license Maintenance HitCount

When developing software, it's sometimes necessary to check, at runtime if the application is running under the presence of a debugger. Sometimes, the goal is to stop the application from running under a debugger to slow reversing attempts. Conversely, a reverse engineer may run across the checks that the developer placed.

This repository hosts code that shows some of the trivial ways that are commonly encountered in the wild. Note that bypassing this class of check has been almost entirely automated by modern disassemblers.

Checking Your Own Process

IsDebuggerPresent - Basic Win32 API call to check for the presence of a debugger

OutputDebugString - Use the Win32 API to tryto communicate with a potentially attached debugger

FindWindow - Use the Win32 API to search for debugger windows

ReadTEB - A brief look at the internals of IsDebuggerPresent

DebugBreak - A win32 call that will throw when a debugger isn't attached (sounds weird I know).

Checking Other Processes

CheckRemoteDebuggerPresent - IsDebuggerPresent for external processes

References and Other Repositories

Anti Reverse Engineering Protection Techniques to Use Before Releasing Software

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
c-plus-plus (18,402
hacking (546
reverse-engineering (472
malware (221
debugging (180
malware-analysis (134
malware-research (61
cracking (36
virus (31
reversing (25