
antiodbg src -> Delphi


Sometime last year I remember someone asking for an example of anti-odbg in Delphi. Though this is just a simple example, the code can be modified and updated. The original thread was on unpack.cn some time ago, and this evening while I was checking the board I came across this thread and figured it would be a good opportunity to post it on tuts4you.

If you use the code or find it helpful be sure to email this guy and thank him.

very simple AntiDebug Unit for Delphi

can detect most debuggers:

OllyDBG,Immunity Debugger,WinDbg,W32DAsm,IDA,....

SoftICE,Syser,TRW,TWX

Tested on Win9x-Me-2k-XP-2k3-Vista

Coded by: Magic_h2001

magic_h2001_yahoo.com

magic.shabgard.org

just for fun ;)

Don't be a JP

function IsDebuggerPresent():BOOL; stdcall;external 'kernel32.dll' name 'IsDebuggerPresent'; <-- !patch Kernel32.IsDebuggerPresent :P

SimpleAntiDBG2.zip

Edited by D1N

  • 1 month later...

Nice Sample !!! Thanks.

Detected without me running a debugger or anything... =/ I'm not running SoftIce or anything either. Vista Home Premium 32-bit.

Detected without me running a debugger or anything... =/ I'm not running SoftIce or anything either. Vista Home Premium 32-bit.

It detects by file names as well, not just in memory applications.

Checks process list for:

OLLYDBG, DBG, DEBUG, IDAG, W32DSM

Checks module list for:

DBGHELP, OLLYDBG, W32DSM

Checks For Files:

%system%\drivers\sice.sys

%system%\drivers\ntice.sys

%system%\drivers\syser.sys

%system%\drivers\winice.sys

%system%\drivers\sice.vxd

%system%\winice.vxd

%system%\vmm32\winice.vxd

%system%\sice.vxd

%system%\vmm32\sice.vxd

Checks API:

IsDebuggerPresent

Checks Ring 0 Files:

\\.\SICE

\\.\SIWVID

\\.\NTICE

\\.\TRW

\\.\TWX

\\.\ICEEXT

I get detected by just running it as well with nothing going. My cause is due to having dbghelp running in various processes on my machine. Not really the best method to prevent debugging as some processes require some of the above. XP SP3 installs a search tool for Windows XP which includes the dbghelp.dll inside it by default, which would render anything that uses this method useless to the user as they couldn't run your software then.

very good!!! Thanks

  • 3 weeks later...

This example is very basic. Make it detect any memory modification on your process, and if it does, deny any memory modifications on your process, or just hook OpenProcess to avoid access to your process :P

They could use CreateProcess with SUSPENDED_MODE, hook it too.

just hook OpenProcess to avoid access to your process

Now that is a rootkit ;D

And every developer that hooks APIs systemwide just to keep his process from being debugged deserves a good beating.

just hook OpenProcess to avoid access to your process

Now that is a rootkit ;D

And every developer that hooks APIs systemwide just to keep his process from being debugged deserves a good beating.

if you want a replacement from hooking, unlink your process from EPROCESS structure via kernel mode. (device driver, use DDK)

checking for DBGHELP.dll or DBGENG.DLL is stupid, because these are system components and always loaded! Same for psapi.dll!
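The false positive reported in the replies above (a clean machine flagged because dbghelp.dll is loaded) can be reproduced with a small model of the name checks listed in the thread. This is an added example, not code from SimpleAntiDBG2 or its author: it assumes case-insensitive substring matching, and the snapshots and the process name `searchtool.exe` are constructed.

```python
# Added example: models the name-based checks listed in the thread.
# Assumption: indicators are matched as case-insensitive substrings.
PROCESS_INDICATORS = ("OLLYDBG", "DBG", "DEBUG", "IDAG", "W32DSM")
MODULE_INDICATORS = ("DBGHELP", "OLLYDBG", "W32DSM")
# Indicator the replies identify as a system component loaded by ordinary software.
SYSTEM_COMPONENTS = ("DBGHELP",)


def name_hits(names, indicators):
    """Return sorted (name, indicator) pairs where the indicator occurs in the name."""
    hits = set()
    for name in names:
        upper = name.upper()
        for indicator in indicators:
            if indicator in upper:
                hits.add((name, indicator))
    return sorted(hits)


def audit(snapshot, ignore=()):
    """snapshot maps process name -> loaded module names; ignore drops module indicators."""
    module_indicators = [i for i in MODULE_INDICATORS if i not in ignore]
    process_hits = name_hits(snapshot.keys(), PROCESS_INDICATORS)
    module_hits = []
    for process, modules in snapshot.items():
        for module, indicator in name_hits(modules, module_indicators):
            module_hits.append((process, module, indicator))
    return {
        "process": process_hits,
        "module": sorted(module_hits),
        "detected": bool(process_hits or module_hits),
    }


# Constructed snapshot: no debugger running, one benign tool has dbghelp.dll loaded.
CLEAN_DESKTOP = {
    "explorer.exe": ["kernel32.dll", "shell32.dll"],
    "searchtool.exe": ["kernel32.dll", "dbghelp.dll"],  # hypothetical process name
    "notepad.exe": ["kernel32.dll"],
}
# Constructed snapshot: a debugger process is running.
DEBUGGING = {
    "OLLYDBG.EXE": ["kernel32.dll", "dbghelp.dll"],
    "target.exe": ["kernel32.dll"],
}

if __name__ == "__main__":
    for label, snap in (("clean", CLEAN_DESKTOP), ("debugging", DEBUGGING)):
        print(label, "as listed:", audit(snap))
        print(label, "without DBGHELP:", audit(snap, ignore=SYSTEM_COMPONENTS))
```

With the DBGHELP indicator dropped, the clean snapshot is no longer flagged while the debugger snapshot still is, through the process-name checks alone.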

  • 8 months later...

very good

Tnx :thumbsup::thumbsup:
