This repository hosts code that shows some of the trivial ways to detect the presence of a debugger from within a Windows application. More thorough resources can be found in other GitHub repositories and in Peter Ferrie's "The Ultimate Anti-Debugging Reference". The examples are organized by functionality.
To build the project, run the following from build/:

    cmake ../
    cmake --build .
The ReadTEB example makes use of __asm (MSVC inline assembly), which isn't supported by the x64 compiler, so it is excluded from the makefile on x64 builds.
These are checks that a process can run against itself, from within the application's own source:

IsDebuggerPresent - Basic Win32 API call to check for the presence of a debugger
OutputDebugString - Use the Win32 API to try to communicate with a potentially attached debugger
FindWindow - Use the Win32 API to search for debugger windows
ReadTEB - A brief look at the internals of IsDebuggerPresent (the TEB -> PEB -> BeingDebugged walk)
DebugBreak - A Win32 call that raises a breakpoint exception; it reaches the application's own handler only when no debugger is attached to swallow it
Checking external processes for the presence of an attached debugger:

CheckRemoteDebuggerPresent - IsDebuggerPresent for external processes
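The following is an added example and not code from this repository: it puts the checks listed above into one file, and it goes slightly beyond the ReadTEB example by reading PEB.BeingDebugged without __asm, through NtCurrentTeb() and the __readfsdword/__readgsqword intrinsics, so the same check builds for x64. The function names, the two debugger window class names (OllyDbg and WinDbg) and the use of MSVC structured exception handling for the DebugBreak check are assumptions of this example; the non-Windows branch only exists so the file compiles elsewhere and always reports "no debugger".

```c
/* Added example, not part of this repository: the README's checks in one file,
 * with the PEB read done through NtCurrentTeb() and the __readfsdword /
 * __readgsqword intrinsics instead of __asm, so it builds for x64 as well as
 * x86. Windows-only; the non-Windows branch exists so the file still compiles
 * elsewhere and always reports "no debugger". The DebugBreak check uses MSVC
 * structured exception handling and is compiled only with cl.exe. */
#include <stdio.h>

#ifdef _WIN32
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0601   /* CheckRemoteDebuggerPresent needs XP or later */
#endif
#include <windows.h>
#include <winternl.h>         /* public TEB/PEB layouts: BeingDebugged is at PEB+2 */
#include <intrin.h>           /* __readfsdword / __readgsqword */

/* 1. IsDebuggerPresent: the documented API. */
int check_api(void) { return IsDebuggerPresent() ? 1 : 0; }

/* 2. ReadTEB, portable form: IsDebuggerPresent simply follows TEB -> PEB and
 * returns PEB.BeingDebugged. NtCurrentTeb() is a compiler intrinsic on every
 * architecture, so no inline assembly is needed. */
int check_peb(void) {
    return NtCurrentTeb()->ProcessEnvironmentBlock->BeingDebugged ? 1 : 0;
}

/* 2b. ReadTEB, raw-offset form: the direct replacement for the __asm version.
 * TEB.ProcessEnvironmentBlock lives at fs:[0x30] on x86 and gs:[0x60] on x64;
 * BeingDebugged is at offset 2 of the PEB on both. */
int check_peb_raw(void) {
    const unsigned char *peb;
#if defined(_M_X64) || defined(__x86_64__)
    peb = (const unsigned char *)__readgsqword(0x60);
#elif defined(_M_IX86) || defined(__i386__)
    peb = (const unsigned char *)__readfsdword(0x30);
#else
    peb = (const unsigned char *)NtCurrentTeb()->ProcessEnvironmentBlock; /* no fs/gs on ARM64 */
#endif
    return peb[2] ? 1 : 0;
}

/* 3. CheckRemoteDebuggerPresent: the kernel's view of the process (its debug
 * port, queried via NtQueryInformationProcess), so a cleared PEB.BeingDebugged
 * does not fool it. Works on any handle with PROCESS_QUERY_INFORMATION;
 * here the process inspects itself. */
int check_remote(void) {
    BOOL attached = FALSE;
    if (!CheckRemoteDebuggerPresent(GetCurrentProcess(), &attached)) return -1;
    return attached ? 1 : 0;
}

/* 4. FindWindow: look for top-level windows of common debuggers by class name.
 * The two class names are assumed here (OllyDbg, WinDbg); a real list would be
 * longer and needs maintenance, which makes this the weakest check of the set. */
int check_windows(void) {
    return (FindWindowA("OLLYDBG", NULL) != NULL ||
            FindWindowA("WinDbgFrameClass", NULL) != NULL) ? 1 : 0;
}

/* 5. DebugBreak executes int 3. An attached debugger consumes the breakpoint
 * and execution continues after it; with no debugger the exception reaches
 * our own __except block. MSVC only, since __try/__except is SEH syntax. */
#ifdef _MSC_VER
int check_debugbreak(void) {
    __try {
        DebugBreak();
    } __except (GetExceptionCode() == EXCEPTION_BREAKPOINT
                ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH) {
        return 0;   /* handler ran: nothing else caught the breakpoint */
    }
    return 1;       /* handler skipped: a debugger swallowed it */
}
#endif

#else  /* not Windows: nothing to inspect, every check reports "no debugger" */
int check_api(void)     { return 0; }
int check_peb(void)     { return 0; }
int check_peb_raw(void) { return 0; }
int check_remote(void)  { return 0; }
#endif

/* Each source on its own is trivial to defeat (clearing PEB.BeingDebugged
 * silences 1, 2 and 2b at once), so a release build combines several and
 * never relies on a single one. */
int debugger_suspected(void) {
    return check_api() || check_peb() || check_peb_raw() || check_remote() > 0;
}

int main(void) {
    printf("IsDebuggerPresent            : %d\n", check_api());
    printf("PEB.BeingDebugged (TEB walk) : %d\n", check_peb());
    printf("PEB.BeingDebugged (fs/gs)    : %d\n", check_peb_raw());
    printf("CheckRemoteDebuggerPresent   : %d\n", check_remote());
    printf("=> debugger suspected        : %d\n", debugger_suspected());
    return 0;
}
```

Run it once normally and once under a debugger: the first three values agree because they read the same PEB byte by different routes, while CheckRemoteDebuggerPresent stays correct even when that byte has been tampered with, which is the reason to keep a kernel-backed check alongside the user-mode ones.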
Further reading: Anti Reverse Engineering Protection Techniques to Use Before Releasing Software