Detecting a running debugger 

Hi,

I'm trying to figure out what ways my app could detect that it's running in a
debugger.   I'm supposing that the most straightforward method is to check
the trap flag.  Is this the only and best way?

thanks

-Wes



Wed, 09 Jan 2002 03:00:00 GMT  

Quote:

> Hi,

> I'm trying to figure out what ways my app could detect that it's running in a
> debugger.   I'm supposing that the most straightforward method is to check
> the trap flag.  Is this the only and best way?

This is not a correct way - you will only be able to detect if someone is
tracing through your code. And it is quite obvious for the man who's tracing.
It can be done by the following sequence (if you still need this way :)

    mov    ax, ss
    mov    ss, ax    ; if the SS register is modified, the next command won't be
                     ; interrupted even if tracing. That's why we'll get the TF
                     ; flag pushed in its original state
    pushf            ; Get our flags
    pop    ax
    test   ah, 1     ; Check trace flag (TF is bit 8 of FLAGS, i.e. bit 0 of AH)

However I'd suggest using other tricks such as:
1. Playing with DR? registers on 386 and higher to take care of H/W breakpoints.
2. Verifying INT1 and INT3 handlers. Usually they point to IRET. Maybe setting
    some routines there.
3. Using the memory at the Interrupt Vector Table that holds pointers to the INTs
    mentioned above for the program's usage. Usually done in real mode.
4. It is also suggested to take special measures against SoftICE. The SoftICE API
    is documented in Ralf Brown's interrupt list.

--
Wanna make $$$ ? It's easy!!!
Holding <Shift> key press "4" three times.



Fri, 11 Jan 2002 03:00:00 GMT  
 