Computer Programming #1 - IsDebuggerPresent
This is the core code for checking whether a debugger that uses Microsoft's debugging API is attached to the process. I'll check for gdb code and post it here if I have time.
In fact, not too much has been done: I've disassembled kernel32.dll, checked the code for the already available IsDebuggerPresent and put it in a function :P I'll check for the flags in fs:[0x18] or even other fs segment variables. They seem interesting. Will post it here :)
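unsigned long IsDebuggerPresent()
{
    unsigned long ret;
    __asm {
        mov   eax, fs:[0x18]              ; TEB self pointer (32-bit Windows)
        mov   eax, [eax + 0x30]           ; TEB -> PEB
        movzx eax, byte ptr [eax + 0x02]  ; PEB.BeingDebugged, zero-extended
        mov   ret, eax                    ; movzx needs a register destination
    }
    return ret;
}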
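The same pointer chase applied to a captured memory snapshot instead of the live process, as an added example that is not code from the original post. It goes beyond the post by also covering the 64-bit layout (self pointer at gs:[0x30], PEB pointer at TEB+0x60); `layout_t`, `region_t`, `being_debugged`, `build_sample` and the sample addresses are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Field offsets for the walk; the x64 values are an addition, not from the post. */
typedef struct { size_t ptr_size, teb_self, teb_peb, peb_flag; } layout_t;
static const layout_t LAYOUT_X86 = { 4, 0x18, 0x30, 0x02 }; /* TEB reached via fs */
static const layout_t LAYOUT_X64 = { 8, 0x30, 0x60, 0x02 }; /* TEB reached via gs */
/* Captured memory: data[0..len) was mapped at virtual address base. */
typedef struct { uint64_t base; const uint8_t *data; size_t len; } region_t;

/* Bounds-checked little-endian read of size bytes at va; returns 0 on success. */
static int read_le(const region_t *r, uint64_t va, size_t size, uint64_t *out)
{
    uint64_t off = va - r->base, v = 0;
    if (va < r->base || off > r->len || r->len - off < size) return -1;
    for (size_t i = 0; i < size; i++) v |= (uint64_t)r->data[off + i] << (8 * i);
    *out = v;
    return 0;
}

/* 1 = BeingDebugged set, 0 = clear, -1 = snapshot does not match the layout. */
int being_debugged(const region_t *r, uint64_t teb_va, const layout_t *l)
{
    uint64_t self, peb, flag;
    if (read_le(r, teb_va + l->teb_self, l->ptr_size, &self) || self != teb_va)
        return -1;                    /* self pointer must point back at the TEB */
    if (read_le(r, self + l->teb_peb, l->ptr_size, &peb)) return -1;
    if (read_le(r, peb + l->peb_flag, 1, &flag)) return -1;
    return flag != 0;
}

/* Constructed sample: 0x2000 zeroed bytes, TEB at base, PEB at base + 0x1000. */
static region_t build_sample(uint8_t *buf, uint64_t base, const layout_t *l, uint8_t flag)
{
    memset(buf, 0, 0x2000);
    for (size_t i = 0; i < l->ptr_size; i++) {
        buf[l->teb_self + i] = (uint8_t)(base >> (8 * i));
        buf[l->teb_peb + i] = (uint8_t)((base + 0x1000) >> (8 * i));
    }
    buf[0x1000 + l->peb_flag] = flag;
    return (region_t){ base, buf, 0x2000 };
}

int main(void)
{
    static uint8_t buf[0x2000];
    region_t r = build_sample(buf, 0x7ffde000u, &LAYOUT_X86, 1);
    printf("x86 sample: %d\n", being_debugged(&r, r.base, &LAYOUT_X86));
    return 0;
}
```

A snapshot parsed with the wrong layout, or one that does not contain the PEB page, yields -1 rather than a misleading 0.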