4zu

Reputation: 11

Is there any way to identify the process that is debugging my process?

If you look up Anti-Debug on the Internet, you will find a lot of information. For example, IsDebuggerPresent and NtGlobalFlag were found in the search. However, my process can only protect itself from the debugger by terminating its own process when it detects it. I would like to know how to prevent the debugger from attaching in the first place, or how to identify and detach the debugger process.

Upvotes: 0

Views: 540

Answers (1)

Employed Russian

Reputation: 213754

> I would like to know how to prevent the debugger from attaching in the first place, or how to identify and detach the debugger process.

  1. There isn't a way to do that.
  2. Even if there was, the debugger could have done a lot of things to your process between attaching and detaching -- change global data, change function pointers, create new threads, inject DLLs, etc.

    So even if you could detach the debugger, you shouldn't trust your process' integrity after doing that.

Upvotes: 1
