Quantcast
Channel: 看雪安全论坛
Viewing all articles
Browse latest Browse all 9556

【讨论】用DebugActiveProcess检测被调试?

May 2, 2013, 7:01 pm
$
0
0
根据能否附加目标进程来判断是否被调试了,不知道可行不?

引用:
#include <windows.h>

BOOL EnableDebugPrivilege(BOOL bEnable)
{
BOOL fOK = FALSE; //Assume function fails
HANDLE hToken;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
{
//Attempt to modify the "Debug" privilege
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
fOK = (GetLastError() == 0);
CloseHandle(hToken);
}
return fOK;
}


int __stdcall WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd )
{
LPSTR pFind = strstr(lpCmdLine, "pid=");

if (0 == pFind)
{
// 创建子进程,并以父进程的PID为命令行参数,让子进程尝试attach 父进程
char path[MAX_PATH], format[MAX_PATH];
GetModuleFileNameA(NULL, path, sizeof(path));
wsprintfA(format, "pid=%d", GetCurrentProcessId());
ShellExecuteA(NULL, "open", path, format, NULL, 0);

// 只是起不让父进程退出的作用
MessageBoxA(NULL, "just keep process running", NULL, 0);
}
else
{
// 子进程

// attach 需要调试权限
EnableDebugPrivilege(TRUE);

pFind += 4;
long pid = atol(pFind);
if(!DebugActiveProcess(pid))
{
// 可能被调试了
DWORD err = GetLastError();
char error[MAX_PATH];
wsprintfA(error, "attach failed with error code:0x%0x\n", GetLastError());
MessageBoxA(NULL, error, NULL, 0);
}
else
{
// 没有被调试
DebugActiveProcessStop(pid);
MessageBoxA(NULL, "process is not debugged!", NULL, 0);
}
}
}
Search
Viewing all articles
Browse latest Browse all 9556

Trending Articles

[奇怪机翻组] 过分色气的深见君 / Yatara Yarashii Fukami-kun - 01 [WebRip] [1080P...

April 16, 2025, 10:37 pm

[ReinForce] 吸血鬼同盟 Dance In The Vampire Bund (BDRip 1920x1080 x264 FLAC)

November 15, 2013, 7:57 am

有人買民雄嘉大博識嗎?(或美銓建設以前的建案)

July 25, 2021, 9:58 am

JVID女郎 搞暗黑《延禧》

September 10, 2018, 9:59 am

MAME 0.277 免安裝中文版 - 街機遊戲模擬器

May 8, 2025, 8:10 am

Photoshop.CS6 (免安裝隨身版 隨插即用 ) (直接下載)

August 19, 2018, 8:33 am

行星绕恒星边飞边解体 令科学家惊心动魄

April 22, 2025, 5:11 pm

【日语无字】春之钟.Haru.no.kane.1985.JAP.vhsrip.NoSub.by.xiongzaixia&vivi

May 5, 2017, 9:42 pm

竹北高鐵第一豪宅若山怎麼了?竹北高鐵第一豪宅若山怎麼了?

March 29, 2021, 12:29 am

df-dferh-01 中国区 Android 安装 Google Play Store 后报错 的 解决办法

April 24, 2019, 6:56 am

出售: sound mechanics 音響架

November 12, 2019, 6:54 am

关门一家亲:习远平 、张澜澜、徐才厚

December 23, 2020, 10:17 pm

[转载]梦瑜伽 三梦大法 梦瑜伽的修行方法

March 11, 2015, 10:01 am

詐騙猖獗 網路名師也中鏢 江兆君(小M老師):學員勿上當!

October 1, 2021, 6:14 am

Windbg 指令與分析之教學筆記

December 3, 2019, 1:25 am

Office 安装管理器,一键下载/安装//打包ISO!支持2016-2024/365全版本!微软官方下载安全可靠!

May 6, 2025, 6:50 am

回顧廿六年前北角地盤籠

March 21, 2019, 9:19 am

【追新番字幕組】★[簡日雙語][ 勇者義彥和被引導的七人 12 最終回 / ゆうしゃヨシヒコとみちびかれしななにん Yusha Yoshihiko to...

December 24, 2016, 6:28 am

C88圣战首日吸引18万人参战!会场工作人员名言汇总

August 14, 2015, 1:25 am

SFC超級任天堂釣魚太郎1.2.3 (海釣太郎) 遊戲+金手指+模擬器!

August 28, 2014, 10:51 pm
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>