RE: [GD-General] Is it possible to detect debugging?
From: Mat N. (BUNGIE) <mat...@mi...> - 2003-10-10 00:54:19
That won't stop me from running windbg in non-invasive mode and capturing a memory dump, then inspecting that. I've done it before. It's not that hard at all.

MSN

-----Original Message-----
From: gam...@li... [mailto:gam...@li...] On Behalf Of Aaron Drew
Sent: Thursday, October 09, 2003 5:09 PM
To: gam...@li...
Subject: Re: [GD-General] Is it possible to detect debugging?

I don't remember too much about it but I do recall reading a while back an ezine (phrack or similar) describing how to avoid debuggers (well, I think it was actually on how to stop crackers).

They listed a few techniques such as:

- Modifying your code during execution to confuse any debugger and/or third party. - Kind of like the way executable packers work.
- Small assembly language segments like "mov ax, 0x9090; jmp 0xfe" that do nothing important but then jump back into their data and execute it.
- Checking for an int 3 handler (the one that gets called at breakpoints) or replacing the int 3 handler with your own (with extreme care).

I'm sure there were more but I forget them.

- Aaron

On Fri, 10 Oct 2003 08:34 am, Colin Fahey wrote:
> [1] IsDebuggerPresent()
>
> [2] [...] WinDBG and kd can attach in noninvasive mode and generate a full
> minidump [...]
>
> As I suspected: Developers can check for obvious debugging (e.g., to handle
> errors differently), but circumventing the check requires a very modest
> effort (e.g., intercept IsDebuggerPresent() call, or use noninvasive
> debuggers). Also, I suppose one could run the whole application within the
> context of an 80x86 emulator, so that it isn't running on the CPU as native
> instructions, in which case the state of the code is totally exposed and
> there is no way in the world the app could possibly detect that it was
> running in virtual reality! (Much as we can't tell that we're living in
> the Matrix -- without pills, I mean.)
>
> --- Colin
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> SourceForge.net hosts over 70,000 Open Source Projects.
> See the people who have HELPED US provide better services:
> Click here: http://sourceforge.net/supporters.php
> _______________________________________________
> Gamedevlists-general mailing list
> Gam...@li...
> https://lists.sourceforge.net/lists/listinfo/gamedevlists-general
> Archives:
> http://sourceforge.net/mailarchive/forum.php?forum_id=557

--
- Aaron

"Today's mighty oak is just yesterday's nut that held its ground."