Anti-DebugNET
Is this correct?
I'd expect the DebugPort to have a valid pointer if the status was successful? Which also then indicates the debugger port is active?
https://github.com/Mecanik/Anti-DebugNET/blob/fce1a115920c80be94f1547413c483f1ca3315e8/Anti-DebugNET/AntiDebug/DebugProtect2.cs#L73
Yes, that's correct; sorry about that.
I might have made small mistakes due to being rushed to write it... please use it with a grain of salt and always test.
Soon, I will update the code with improved checks, more checks and system calls.
```csharp
private static int CheckDebugPort()
{
    NtStatus status;
    IntPtr DebugPort = IntPtr.Zero;
    int ReturnLength;
    unsafe
    {
        // Query the debug port of the current process.
        status = NtQueryInformationProcess(System.Diagnostics.Process.GetCurrentProcess().Handle, PROCESSINFOCLASS.ProcessDebugPort, out DebugPort, Marshal.SizeOf(DebugPort), out ReturnLength);
        // A debugger is attached only if the call succeeded AND the port is non-zero.
        if (status == NtStatus.Success && DebugPort != IntPtr.Zero)
        {
            return 1;
        }
    }
    return 0;
}
```
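The condition discussed in this thread, as an added stand-alone example (not the repository's code): the P/Invoke declaration, the `Result` enum and all type and method names are this example's own. It keeps a failed query separate from "no debugger", two cases that a single `return 0` reports identically.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

// Added example; names below are not taken from Anti-DebugNET.
static class DebugPortCheck
{
    // PROCESSINFOCLASS value documented for NtQueryInformationProcess.
    const int ProcessDebugPort = 7;

    public enum Result { NotDebugged, Debugged, QueryFailed }

    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(
        IntPtr processHandle, int processInformationClass,
        out IntPtr processInformation, int processInformationLength,
        out int returnLength);

    // Pure decision logic: the output value only means something
    // when the call returned STATUS_SUCCESS (0).
    public static Result Interpret(int ntStatus, IntPtr debugPort)
    {
        if (ntStatus != 0)
            return Result.QueryFailed;
        return debugPort != IntPtr.Zero ? Result.Debugged : Result.NotDebugged;
    }

    public static Result Check()
    {
        using (Process self = Process.GetCurrentProcess())
        {
            int status = NtQueryInformationProcess(
                self.Handle, ProcessDebugPort, out IntPtr port, IntPtr.Size, out _);
            return Interpret(status, port);
        }
    }

    static void Main()
    {
        // Constructed inputs covering the three cases the condition must tell apart.
        Console.WriteLine(Interpret(0, IntPtr.Zero));        // success, zero port
        Console.WriteLine(Interpret(0, new IntPtr(-1)));     // success, non-zero port
        // 0xC0000004 is STATUS_INFO_LENGTH_MISMATCH, used here as a sample failure.
        Console.WriteLine(Interpret(unchecked((int)0xC0000004), IntPtr.Zero));
        Console.WriteLine("Live check: " + Check());
    }
}
```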