Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wanttobeno/AntiDebuggers

30种方法检测程序是否被调试
https://github.com/wanttobeno/AntiDebuggers

Last synced: 3 months ago
JSON representation

30种方法检测程序是否被调试

Host: GitHub
URL: https://github.com/wanttobeno/AntiDebuggers
Owner: wanttobeno
Created: 2018-04-06T04:34:28.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2019-04-18T02:33:30.000Z (over 5 years ago)
Last Synced: 2024-05-08T01:31:40.431Z (6 months ago)
Language: C++
Size: 1.29 MB
Stars: 312
Watchers: 9
Forks: 100
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - wanttobeno/AntiDebuggers - 30种方法检测程序是否被调试 (C++)

README

        ### 反调试技术总结

反调试就是检测有没有被调试器调试，比如OllyDbg，IDA，WinDbg等。

参考资料：[houjingyi ](https://bbs.pediy.com/thread-225735.htm)

 代码： [GitHub](https://github.com/houjingyi233/test-debug)

[Tencent2016D.cpp](./Tencent2016D.cpp) 中实现了30种检测调试器的方法，非常的精彩给力

--

30 Ways to anti-debugging on PC.For more information:http://blog.csdn.net/qq_32400847/article/details/52798050

##### 截图

![snatshot.png](snatshot.png)

##### 虚拟机检测

[AntiVirtualMachine](https://github.com/wanttobeno/AntiVirtualMachine)

##### 保护自己的程序不被破解

[DllProtect](https://github.com/wanttobeno/DllProtect)

#####  各种反调试技术原理与实例 VC版

帖子：[各种反调试技术原理与实例 VC版](https://bbs.pediy.com/thread-114767.htm)

[各种反调试技术原理与实例VC版.pdf](./反调试技术实例VC版/各种反调试技术原理与实例VC版.pdf)

![Snatshot.png](./反调试技术实例VC版/282401_i4gdy3hacnzffml.jpg)

```c++

void CDetectODDlg::OnExplorer() 

{

	// TODO: Add your control notification handler code here

	HANDLE hwnd;

	PROCESSENTRY32 tp32;  //结构体

	CString str="Explorer.EXE";

	DWORD ExplorerID;

	DWORD SelfID;

	DWORD SelfParentID;

	SelfID=GetCurrentProcessId();

	::GetWindowThreadProcessId(::FindWindow("Progman",NULL),&ExplorerID);

	hwnd=::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);

	if(INVALID_HANDLE_VALUE!=hwnd) 

	{

		Process32First(hwnd,&tp32);

		do{

			if(0==lstrcmp(str,tp32.szExeFile))

			{

			//	ExplorerID=tp32.th32ProcessID;

			//	AfxMessageBox("aaa");

			}

			if(SelfID==tp32.th32ProcessID)

			{

				SelfParentID=tp32.th32ParentProcessID;

			}

		}while(Process32Next(hwnd,&tp32));

		str.Format("本进程：%d 父进程：%d Explorer进程: %d ",SelfID,SelfParentID,ExplorerID);

		MessageBox(str);

		if(ExplorerID==SelfParentID)

		{

			AfxMessageBox("没有OD");

		}

		else

		{

			AfxMessageBox("发现OD");

		}

	}

	CloseHandle(hwnd);

}

```