Re: [GD-General] Is it possible to detect debugging?
From: Aaron D. <ri...@in...> - 2003-10-10 00:09:44
I don't remember too much about it but I do recall reading a while back an ezine (phrack or similar) describing how to avoid debuggers (well, I think it was actually on how to stop crackers). They listed a few techniques such as:

- Modifying your code during execution to confuse any debugger and/or third party.
- Kind of like the way executable packers work.
- Small assembly language segments like "mov ax, 0x9090; jmp 0xfe" that do nothing important but then jump back into their data and execute it.
- Checking for an int 3 handler (the one that gets called at breakpoints) or replacing the int 3 handler with your own (with extreme care).

I'm sure there were more but I forget them.

- Aaron

On Fri, 10 Oct 2003 08:34 am, Colin Fahey wrote:
> [1] IsDebuggerPresent()
>
> [2] [...] WinDBG and kd can attach in noninvasive mode and generate a full
> minidump [...]
>
> As I suspected: Developers can check for obvious debugging (e.g., to handle
> errors differently), but circumventing the check requires a very modest
> effort (e.g., intercept IsDebuggerPresent() call, or use noninvasive
> debuggers). Also, I suppose one could run the whole application within the
> context of an 80x86 emulator, so that it isn't running on the CPU as native
> instructions, in which case the state of the code is totally exposed and
> there is no way in the world the app could possibly detect that it was
> running in virtual reality! (Much as we can't tell that we're living in
> the Matrix -- without pills, I mean.)
>
> --- Colin

--
- Aaron

"Today's mighty oak is just yesterday's nut that held its ground."