KdDebuggerEnabled

1. #include "stdafx.h"
2. #include "windows.h"
3.  
4.  
5. #pragma comment(linker,"/NODEFAULTLIB")
6. #pragma comment(linker,"/INCREMENTAL:NO")
7. #pragma comment(lib,"ntdll")
8. #pragma comment(linker,"/entry:main")
9.  
10.  
11. extern "C"
12. {
13.     int __stdcall ZwQuerySystemInformation(int,void*,unsigned long,int*);
14. }
15.  
16.  
17. int main(int argc, char* argv[])
18. {
19.     unsigned char* pSharedUserData=(unsigned char*)0x7FFE0000; //Always at the same address even on 64-bit and /3GB user address spaces
20.     if( *(pSharedUserData+0x2D4) )
21.     {
22.         MessageBox(0,"Kernel debugger is found","waliedassar",0);
23.         ExitProcess(0);
24.     }
25.     else
26.     {
27.         unsigned char px[0x2]={0};
28.         if(ZwQuerySystemInformation(0x23,&(px[0]),0x2,0)>=0)
29.         {
30.             if(px[0])
31.             {
32.                 //You seem to have patched _KUSER_SHARED_DATA::KdDebuggerEnabled
33.                 MessageBox(0,"Kernel debugger is found","waliedassar",0);
34.                 ExitProcess(0);
35.             }
36.         }
37.     }
38.     return 0;
39. }