Jump to content
Tuts 4 You

how can i detect if my program opened with a Debuger (in Delphi)

Sam7sam7

By Sam7sam7
in Programming and Coding

Recommended Posts

Sam7sam7

Sam7sam7

Posted
Posted

hi all.


 


before reading Excuse me for my poor English.


 


 


i want to detect if my program opened with a Debuger in Delphi.


 


i found a few code in other website ,but thats not work true!


 


please help me.


Link to comment
RustyNail

RustyNail

Posted
Posted (edited)

search for anti-debugging techniques in the forum, you will get your answer.


Edited by Kingstaa
Link to comment
Sam7sam7

Sam7sam7

Posted
  • Author
Posted (edited)

thank you for help :sly:


 


I used the "IsDebuggerPresent" function in  my app  but this not work in OllyDbg!!!


 


 


my problem solved with this function




procedure AntiDebug;

var

  bISDebug: Boolean;

begin

  bISDebug := True;

  try

    asm

      INT 2Dh

      nop

    end;

  except

    bISDebug := False;

  end;

  if  bISDebug then

    TerminateProcess(GetCurrentProcess, 0)

end;

Edited by Sam7sam7
Link to comment
  • 2 weeks later...
Sam7sam7

Sam7sam7

Posted
  • Author
Posted

This simple debugger detection can be killed with a simple one byte patch...

Its really easy to bypass this...

can you give me a better way ?

Link to comment
Sam7sam7

Sam7sam7

Posted
  • Author
Posted (edited)

Sam7sam7 you can convert this for c++?

 

Using:

 

bool Example()

{

__asm{

      INT 2Dh

      nop

 

}

}

I wrote the following function in delphi but when i open my app in ollydbg can't detect it!!

{ -------------------------------------------------------------------------------  + Function : Int2D_DBG  + DateTime  : 2013.03.28  + Result    : Bool  ------------------------------------------------------------------------------- }Function Int2D_DBG(): Bool;{ Exception Based Anti-Debugging }ASM  mov Result,$0 // Return False@@_TRY :  pushad  mov esi, offset @@_Handler  push esi  push    FS:[0]  mov     FS:[0], ESP  // ---------------------  int     2Dh  nop  // ---------------------@@_EXCEPT:  mov Result,$1  // Return True  jmp @@_NoException@@_Handler:  mov esp, [esp + 8]  pop dword ptr fs:[0]  add esp, 4  popad@@_TRY_END :  jmp @@_ExceptionHandled@@_NoException:  pop dword ptr fs:[0]  add esp, 32 + 4@@_ExceptionHandled:End;

example of use :

  if Int2D_DBG = True then    ShowMessage('IS DBG')  else    ShowMessage('Is not DBG');
Edited by Sam7sam7
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...