Created
February 12, 2016 13:07
-
-
Save OsandaMalith/2dc4dadb58ffab98f7f6 to your computer and use it in GitHub Desktop.
Checks if the process is being dubugged or not using CheckRemoteDebuggerPresent
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .386 | |
| .model flat, stdcall | |
| option casemap :none | |
| ; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ | |
| ; Title: Checks if the process is being dubugged or not using CheckRemoteDebuggerPresent | |
| ; Author: Osanda Malith Jayathissa (@OsandaMalith) | |
| ; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ | |
| include windows.inc | |
| include user32.inc | |
| include kernel32.inc | |
| includelib user32.lib | |
| includelib kernel32.lib | |
| .data | |
| Caption db "Debugger status:",0h | |
| NotFound db "Debugger not found!",0h | |
| Found db "Debugger found!",0h | |
| pbDebuggerPresent byte 0 | |
| .code | |
| start: | |
| xor eax, eax | |
| invoke GetCurrentProcess | |
| invoke CheckRemoteDebuggerPresent, eax, offset pbDebuggerPresent | |
| cmp pbDebuggerPresent, 1 | |
| JZ DebuggerDetected | |
| invoke MessageBox, 0, offset NotFound, offset Caption, MB_ICONASTERISK + MB_OK | |
| JMP exit | |
| DebuggerDetected: | |
| invoke MessageBox, 0, offset Found, offset Caption, MB_ICONINFORMATION + MB_OK | |
| exit: | |
| invoke ExitProcess, 0 | |
| end start |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment