리버싱/기타

Anti Debugging using CheckRemoteDebuggerPresent

즉흥 2016. 7. 20. 21:14
728x90
반응형



Windows XP 이상부터 사용 가능


1
2
3
4
BOOL WINAPI CheckRemoteDebuggerPresent(
  _In_    HANDLE hProcess,
  _Inout_ PBOOL  pbDebuggerPresent
);
cs



Parameters

hProcess [in]

A handle to the process.

pbDebuggerPresent [in, out]

A pointer to a variable that the function sets to TRUE if the specified process is being debugged, or FALSEotherwise.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.


https://msdn.microsoft.com/ko-kr/library/windows/desktop/ms679280(v=vs.85).aspx

728x90
반응형
저작자표시 비영리 변경금지