Results 1 to 1 of 1
  1. #1
    jaxBR
    jaxBR is offline
    New member jaxBR's Avatar
    Join Date
    2012 Jan
    Posts
    37
    Thanks Thanks Given 
    33
    Thanks Thanks Received 
    35
    Thanked in
    15 Posts
    Rep Power
    0

    checking debugger

    Code:
    interface
    
    uses Windows,SysUtils,TlHelp32;
    
    function IsDBG:Boolean;
    
    implementation
    
    var
     Found:Boolean=False;
     hSnapmod: THANDLE;
     ModInfo: MODULEENTRY32;
     hSnap: THANDLE;
     ProcessInfo: PROCESSENTRY32;
     ProcID:DWORD;
    
     function IsDebuggerPresent():BOOL; stdcall;external 'kernel32.dll' name 'IsDebuggerPresent';
    
    function GetSys:string;
    var
      Gsys : array[0..MAX_PATH] of Char;
    begin
      GetSystemDirectory(Gsys,MAX_PATH);
      Result:=Gsys;
      if length(Result)>0 then
      if Result[length(Result)]<>'\' then Result:=Result+'\';
    end;
    
    function UpCaseStr(S:string):String;
    var i:integer;
    begin
      Result:=s;
      if s='' then exit;
      for i:=1 to length(s) do
        Result[i]:=upcase(Result[i]);
    end;
    
    function IsRing0DBG(S:string): boolean;
    var hFile: Thandle;
    begin
      Result := False;
      hFile := CreateFileA(Pansichar(S), GENERIC_READ or GENERIC_WRITE,
        0, nil, OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL, 0);
      if( hFile <> INVALID_HANDLE_VALUE ) then begin
        CloseHandle(hFile);
        Result := TRUE;
      end;
    end;
    
    function IsDBG:Boolean;
    begin
      hSnap:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
      ProcessInfo.dwSize:=sizeof(PROCESSENTRY32);
      Process32First(hSnap,ProcessInfo);
      repeat
       if Pos('OLLYDBG',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
       if Pos('DBG',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
       if Pos('DEBUG',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
       if Pos('IDAG',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
       if Pos('W32DSM',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
       ProcID:=ProcessInfo.th32ProcessID;
       hSnapMod:=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,ProcID);
       ModInfo.dwSize:=sizeof(MODULEENTRY32);
       Module32First(hSnapMod,ModInfo);
       repeat
        if Pos('OLLYDBG',UpCaseStr(ModInfo.szExePath))<>0 then Found:=True;
        if Pos('W32DSM',UpCaseStr(ModInfo.szExePath))<>0 then Found:=True;
       until (not Module32Next(hSnapMod,ModInfo));
       CloseHandle(hSnapMod);
      until (not Process32Next(hSnap,ProcessInfo));
      CloseHandle(hSnap);
      if FileExists(GetSys+'drivers\sice.sys') then Found:=True;
      if FileExists(GetSys+'drivers\ntice.sys') then Found:=True;
      if FileExists(GetSys+'drivers\syser.sys') then Found:=True;
      if FileExists(GetSys+'drivers\winice.sys') then Found:=True;
      if FileExists(GetSys+'drivers\sice.vxd') then Found:=True;
      if FileExists(GetSys+'drivers\winice.vxd') then Found:=True;
      if FileExists(GetSys+'winice.vxd') then Found:=True;
      if FileExists(GetSys+'vmm32\winice.vxd') then Found:=True;
      if FileExists(GetSys+'sice.vxd') then Found:=True;
      if FileExists(GetSys+'vmm32\sice.vxd') then Found:=True;
      if IsDebuggerPresent then Found:=True;
      if IsRing0DBG('\\.\SICE') then Found:=True;
      if IsRing0DBG('\\.\SIWVID') then Found:=True;
      if IsRing0DBG('\\.\NTICE') then Found:=True;
      if IsRing0DBG('\\.\TRW') then Found:=True;
      if IsRing0DBG('\\.\TWX') then Found:=True;
      if IsRing0DBG('\\.\ICEEXT') then Found:=True;
      if IsRing0DBG('\\.\SYSER') then Found:=True;
      Result:=Found;
    end;
    
    end.
    checks both in ring3 as ring0

    Example of use:

    Code:
     if IsDBG then
      MessageBox(0,'Debugger Detected...','Error',0)
     else
      MessageBox(0,'Debugger not found','Info',0) ;

Similar Threads

  1. checking administrator user
    By jaxBR in forum Delphi
    Replies: 0
    Last Post: 2013-11-08, 09:36 PM
  2. Client crashes upon debugger attatches .
    By MrUnreal in forum TERA Online
    Replies: 4
    Last Post: 2013-06-02, 10:27 PM
  3. [Tutorial] Using a debugger - OllyDbg
    By Blazer in forum Aika Guides, Tutorials
    Replies: 1
    Last Post: 2012-07-20, 10:03 PM
  4. Cheat Engine Debugger
    By iam_clint in forum Aika Online
    Replies: 4
    Last Post: 2010-10-20, 04:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •