Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // http://waleedassar.blogspot.com - (@waleedassar)
- #include "stdafx.h"
- #include "windows.h"
- extern "C"
- {
- int __stdcall ZwQueryObject(int,int,void*,int,int);
- }
- int main(int argc, char* argv[])
- {
- unsigned long pMem=0;
- unsigned long size=0;
- do
- {
- size+=0x1000;
- pMem=(unsigned long)VirtualAlloc(0,size,MEM_COMMIT,PAGE_READWRITE);
- if(pMem==0) return 0;
- if(ZwQueryObject(0,0x3,(void*)pMem,size,0) < 0)
- {
- VirtualFree((void*)pMem,0,MEM_RELEASE);
- }
- else break;
- }while(1);
- unsigned long count=*(unsigned long*)pMem;
- pMem+=4;
- do
- {
- unsigned long length=*(unsigned short*)pMem;
- wchar_t* TypeName=*(wchar_t**)(pMem+0x4);
- unsigned long objects_count=*(unsigned long*)(pMem+0xC); //not handles count
- if(length==0x16)
- {
- if(!wcsncmp(TypeName,L"DebugObject",length))
- {
- if(objects_count)
- {
- MessageBox(0,"Debugger detected","waliedassar",0);
- return 0; //Exit process
- }
- break;
- }
- }
- pMem=((unsigned long)TypeName+length+4);
- pMem&=-4;
- }while(9);
- MessageBox(0,"Okay","waliedassar",0);
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
