Basic Anti-Debugging in C++

#1
I am going to share a simple method for detecting whether your program (it may be viral code as well) is being debugged. Anti-debugging is an essential trick for the survival of your malicious code.

The Windows API provides a simple function, IsDebuggerPresent(), but it can be bypassed too easily and therefore should NOT be used. I will show you how to use the Process Control Box to test for debugging.

The Process Control Box, or PCB, is kernel-level stuff and is therefore accessible only through the Native API (not the Win32 API). The following code shows how to do it. The code is self-explanatory.

Code:
#include <windows.h>
#include <iostream>
#include <conio.h>
#include <cstdlib>
using namespace std;

void alert()
{
    // NtQueryInformationProcess is not declared in the Win32 headers, so declare
    // the prototype here and resolve the export from ntdll.dll at run time.
    typedef unsigned long (__stdcall *pfnNtQueryInformationProcess)(IN HANDLE, IN unsigned int, OUT PVOID, IN ULONG, OUT PULONG);
    const int ProcessDbgPort = 7;   // PROCESSINFOCLASS value ProcessDebugPort
    pfnNtQueryInformationProcess NtQueryInfoProcess = NULL;
    unsigned long Ret;
    // ProcessDebugPort returns a pointer-sized value; a 4-byte buffer fails with
    // STATUS_INFO_LENGTH_MISMATCH on 64-bit builds, so use ULONG_PTR.
    ULONG_PTR IsRemotePresent = 0;

    HMODULE hNtDll = LoadLibrary(TEXT("ntdll.dll"));   // ntdll is always mapped in a Win32 process
    if(hNtDll == NULL)
    {
        cout<<"\nFATAL ERROR!!!!\nPress any key to terminate....";
        _getch();
        exit(0);
    }

    NtQueryInfoProcess = (pfnNtQueryInformationProcess)
        GetProcAddress(hNtDll, "NtQueryInformationProcess");
    if(NtQueryInfoProcess == NULL)
    {
        cout<<"\nFATAL ERROR!!!!\nPress any key to terminate....";
        _getch();
        exit(0);
    }

    // Ask the kernel for this process's debug port; a non-zero port means a debugger is attached.
    Ret = NtQueryInfoProcess(GetCurrentProcess(), ProcessDbgPort, &IsRemotePresent, sizeof(IsRemotePresent), NULL);
    if(Ret == 0x00000000 && IsRemotePresent != 0)   // 0 == STATUS_SUCCESS
    {
        cout<<"\nClose your bloody debugger!!!\n";
    }
    else
    {
        cout<<"\nI am not being debugged...\n";
    }
}

To use it in your code, simply call the alert() function. You may want to modify it to return a value (true/false) instead of printing a string.

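The analyst's side of the same trick, as an added example that is not part of the original post or from anyone on this forum: a small Python triage script that scans a binary for the anti-debugging API names this check depends on, in both ASCII and UTF-16LE form (a Unicode build stores TEXT() literals as UTF-16), and reports whether the sample relies on native-API queries such as NtQueryInformationProcess(ProcessDebugPort), which a patch of IsDebuggerPresent alone will not neutralise. The INDICATORS table, the function names and the SAMPLE bytes are constructed for this example; the API names and the information-class numbers are real Windows values.

```python
"""Static triage for anti-debugging indicators in a binary (added example)."""

# Known anti-debugging exports and what each one tells the analyst.
# Constructed table; the names are real Windows exports.
INDICATORS = {
    "IsDebuggerPresent": "reads PEB.BeingDebugged (kernel32 wrapper; easy to patch)",
    "CheckRemoteDebuggerPresent": "kernel32 wrapper around NtQueryInformationProcess(ProcessDebugPort)",
    "NtQueryInformationProcess": "native query; info class 7 = ProcessDebugPort, "
                                 "30 = ProcessDebugObjectHandle, 31 = ProcessDebugFlags",
    "NtSetInformationThread": "may hide a thread from the debugger (ThreadHideFromDebugger)",
    "OutputDebugStringA": "classic GetLastError side-channel check",
}

VERDICT_NONE = "no known anti-debug API names found (may be resolved at run time rather than imported by name)"
VERDICT_NATIVE = "native-API anti-debugging present; expect checks a plain IsDebuggerPresent patch will not defeat"
VERDICT_WIN32 = "Win32-only anti-debugging present"


def find_indicators(blob: bytes) -> list:
    """Return every occurrence of a known API name, in ASCII or UTF-16LE, sorted by offset."""
    hits = []
    for name, meaning in INDICATORS.items():
        for encoding in ("ascii", "utf-16-le"):
            needle = name.encode(encoding)
            start = 0
            while True:
                idx = blob.find(needle, start)
                if idx < 0:
                    break
                hits.append({"name": name, "offset": idx, "encoding": encoding, "meaning": meaning})
                start = idx + 1
    hits.sort(key=lambda h: h["offset"])
    return hits


def triage(blob: bytes) -> dict:
    """Summarise which anti-debug APIs a sample references and how hard they are to neutralise."""
    hits = find_indicators(blob)
    apis = sorted({h["name"] for h in hits})
    if not apis:
        verdict = VERDICT_NONE
    elif any(n.startswith("Nt") for n in apis):   # native API => kernel-side query, not just a PEB flag
        verdict = VERDICT_NATIVE
    else:
        verdict = VERDICT_WIN32
    return {"apis": apis, "hits": hits, "verdict": verdict}


# Constructed stand-in for a binary's string table: two benign imports, the native
# query from the post, and "ntdll.dll" stored as a UTF-16LE literal.
SAMPLE = (
    b"\x00" * 16
    + b"LoadLibraryW\x00GetProcAddress\x00NtQueryInformationProcess\x00"
    + "ntdll.dll".encode("utf-16-le") + b"\x00\x00"
    + b"\x90" * 8
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    for hit in report["hits"]:
        print(f"0x{hit['offset']:06x} {hit['encoding']:9s} {hit['name']}: {hit['meaning']}")
    print("verdict:", report["verdict"])
```

Run it against a real file with `triage(open(path, "rb").read())`; a sample that resolves its imports by name will show up here, and the info-class note on NtQueryInformationProcess tells the analyst which argument to inspect in the disassembly.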
#2
Thanks for sharing.

#3
ImmunityDebugger also has a plugin that bypasses several anti-debug tricks. Maybe their GitHub repo is also interesting to look at, if you want to learn what kinds of techniques are popular.