#include "classic_antidbg.h"
#include <iostream>
/// Debugger probe based on DBG_PRINTEXCEPTION_C.
///
/// Raises the exception code that OutputDebugString uses. An attached
/// debugger normally consumes that exception itself, so the local
/// __except handler only runs when no debugger is present.
///
/// @return true when the handler did NOT run (debugger suspected),
///         false when the handler ran (no debugger observed).
/// Side effect: prints a line to std::cout when the handler runs.
bool exception_is_dbg()
{
    bool handler_ran = false;
    __try {
        RaiseException(DBG_PRINTEXCEPTION_C, 0, 0, 0);
    }
    __except (EXCEPTION_EXECUTE_HANDLER) {
        // Reached only when nothing upstream swallowed the exception.
        std::cout << "Exception handler executed!\n";
        handler_ran = true;
    }
    return !handler_ran;
}
/// Trap-flag probe (32-bit builds only).
///
/// Sets EFLAGS.TF so the CPU raises a single-step exception after the next
/// instruction. With no debugger that exception reaches the __except handler
/// below; a debugger that is attached typically consumes it first, so the
/// handler never runs.
///
/// @return true when the single-step exception did NOT reach the handler
///         (someone else is single-stepping us), false otherwise.
///         On 64-bit builds always false, after a message on std::cerr,
///         because MSVC offers no __asm for x64.
bool is_single_stepping()
{
#ifdef _WIN64
    std::cerr << __FUNCTION__ << ": Currently not implemented for 64 bit!\n";
    return false;
#else
    std::cout << "Trying to set the Trap Flag!\n";
    bool trap_reached_handler = false;
    __try
    {
        __asm
        {
            pushfd // push EFLAGS on the stack
            or dword ptr[esp], 0x100 // set the Trap Flag
            popfd // load EFLAGS from the stack
            nop // make one more step
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        // Normal, undebugged path: the trap landed in our own handler.
        std::cout << "Trap generated exception!\n";
        trap_reached_handler = true;
    }
    // Handler skipped -> the single-step exception was taken elsewhere.
    return !trap_reached_handler;
#endif
}
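/// Checks whether any hardware breakpoint address register (DR0-DR3) of the
/// calling thread is non-zero.
///
/// Only the current thread is inspected (GetCurrentThreadId); breakpoints set
/// on other threads are not seen.
///
/// @return true when at least one of DR0..DR3 is non-zero; false when all are
///         zero, when the thread handle cannot be opened, or when
///         GetThreadContext fails (best-effort: failure is reported as
///         "nothing found").
bool hardware_bp_is_dbg()
{
    // Least privilege: GetThreadContext only needs THREAD_GET_CONTEXT;
    // THREAD_ALL_ACCESS asked for far more than this check uses.
    HANDLE thread = OpenThread(THREAD_GET_CONTEXT, FALSE, GetCurrentThreadId());
    if (thread == NULL) {
        // Original code fell through and passed NULL to GetThreadContext and
        // CloseHandle; bail out instead of touching an invalid handle.
        return false;
    }
    CONTEXT ctx = { 0 };
    // Request only the debug-register part of the context.
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
    bool is_hardware_bp = false;
    if (GetThreadContext(thread, &ctx)) {
        is_hardware_bp = (ctx.Dr0 | ctx.Dr1 | ctx.Dr2 | ctx.Dr3) != 0;
    }
    CloseHandle(thread);
    return is_hardware_bp;
}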
/// Debugger check via the two documented Win32 APIs.
///
/// First consults IsDebuggerPresent(); if that is negative, asks
/// CheckRemoteDebuggerPresent() about the current process. The return value of
/// CheckRemoteDebuggerPresent is not inspected: if the call fails, has_remote
/// keeps its FALSE initial value and the function reports "no debugger".
///
/// @return true when either API reports an attached debugger, false otherwise.
bool is_debugger_api()
{
    if (IsDebuggerPresent()) {
        return true;
    }
    BOOL has_remote = FALSE;
    CheckRemoteDebuggerPresent(GetCurrentProcess(), &has_remote);
    return has_remote != FALSE;
}
//---
// timer
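/// Two-call timing check built on the time-stamp counter.
///
/// The first call records a TSC sample and returns false. Each later call
/// takes a new sample and compares the elapsed count, scaled down by 2^20,
/// against a fixed threshold. The baseline sample is advanced only when the
/// threshold is exceeded.
///
/// NOTE(review): because the baseline is kept while the threshold is not
/// exceeded, the measured gap grows across calls and a later call can fire
/// without any pause in between; behaviour left unchanged here.
///
/// @return true when the scaled elapsed count exceeds the threshold
///         (execution was suspended between the two samples), false otherwise.
/// Side effect: prints the samples and the difference in hex to std::cout.
bool antidbg_timer_check()
{
    constexpr int kScaleShift = 20;          // compare in units of 2^20 TSC ticks
    constexpr ULONGLONG kMaxUnits = 0x100;   // more than this many units = too slow
    static ULONGLONG time = 0;

    // std::hex is sticky on std::cout: the original left the stream in hex
    // mode for every later caller. Save the flags and restore them on exit.
    const std::ios_base::fmtflags saved_flags = std::cout.flags();

    if (time == 0) {
        time = __rdtsc();
        std::cout << "First Time: " << std::hex << time << "\n";
        std::cout.flags(saved_flags);
        return false;
    }
    ULONGLONG second_time = __rdtsc();
    std::cout << "Second Time: " << std::hex << second_time << "\n";
    // Unsigned subtraction: a wrapped counter still yields the right delta.
    ULONGLONG diff = (second_time - time) >> kScaleShift;
    std::cout << "Time diff: " << std::hex << diff << "\n";
    std::cout.flags(saved_flags);

    if (diff > kMaxUnits) {
        time = second_time;
        return true;
    }
    return false;
}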