API tools faq
paste
Advertisement
waliedassar

Wow64-Specific Anti-Debug Trick

waliedassar
Dec 26th, 2012
1,753
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 0.90 KB | None | 0 0
raw download clone embed print report
  1. //http://waleedassar.blogspot.com
  2. //http://www.twitter.com/waleedassar
  3.  
  4. //A Wow64-specific anti-debug trick. This trick detects 32-bit debuggers. To bypass this trick you have
  5. //to use a 64-bit debuggers e.g. 64-bit WinDbg.
  6.  
  7. #include "stdafx.h"
  8. #include "windows.h"
  9.  
  10. extern "C"
  11. {
  12.     int __stdcall DbgPrompt(unsigned char*,unsigned char*,unsigned long);
  13. }
  14.  
  15. int __cdecl Handler(EXCEPTION_RECORD* pRec,void* est_frame,unsigned char* pContext,void* disp)
  16. {
  17.     MessageBox(0,"No 32-bit debugger attached","waliedassar",0);
  18.     ExitProcess(0);
  19.     return ExceptionContinueExecution;
  20. }
  21.  
  22. int main(int argc, char* argv[])
  23. {
  24.     __asm
  25.     {
  26.         push offset Handler
  27.         push dword ptr fs:[0x0]
  28.         mov dword ptr fs:[0],esp
  29.     }
  30.     unsigned char* resp=(unsigned char*)LocalAlloc(LMEM_ZEROINIT,0x100);
  31.     DbgPrompt((unsigned char*)"waliedassar",resp,0x100);
  32.     MessageBox(0,"32-bit debugger detected","waliedassar",0);
  33.     return 0;
  34. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!