mirrors
/
pafish
mirror of https://github.com/a0rtega/pafish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add BeingDebugged debugger detection

This commit is contained in:
Alberto Ortega 2021-11-08 19:26:39 +01:00
parent d69f67157f
commit c6c28ab896
3 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pafish/debuggers.c
View File

@ -4,6 +4,7 @@
#include <windows.h> #include <windows.h>
#include "debuggers.h" #include "debuggers.h"
#include "utils.h"
#include "types.h" #include "types.h"
int debug_isdebuggerpresent() { int debug_isdebuggerpresent() {
@ -26,3 +27,9 @@ int debug_outputdebugstring() {
return FALSE; return FALSE;
} }
} }
int debug_beingdebugged_peb() {
struct _PEB_wine * PEB;
PEB = pafish_get_PEB();
return PEB->BeingDebugged == 1 ? TRUE : FALSE;
}

2
pafish/debuggers.h
View File

@ -6,4 +6,6 @@ int debug_isdebuggerpresent();
int debug_outputdebugstring(); int debug_outputdebugstring();
int debug_beingdebugged_peb();
#endif #endif

3
pafish/main.c
View File

@ -99,6 +99,9 @@ int main(void)
exec_check("Using IsDebuggerPresent()", &debug_isdebuggerpresent, exec_check("Using IsDebuggerPresent()", &debug_isdebuggerpresent,
"Debugger traced using IsDebuggerPresent()", "Debugger traced using IsDebuggerPresent()",
"hi_debugger_isdebuggerpresent"); "hi_debugger_isdebuggerpresent");
exec_check("Using BeingDebugged via PEB access", &debug_beingdebugged_peb,
"Debugger traced using PEB BeingDebugged",
"hi_debugger_beingdebugged_PEB");
/* This is only working on MS Windows systems prior to Vista */ /* This is only working on MS Windows systems prior to Vista */
if (winver.dwMajorVersion < 6) { if (winver.dwMajorVersion < 6) {
exec_check("Using OutputDebugString()", exec_check("Using OutputDebugString()",