‘Antidebugging For (M)asses – Protecting the Enviroment’
The number of computer hackers/crackers have reached a very high level recently. It is very hard to develop a product that will be secure against reverse engineering attacks, to be const-stricto it is surely impossible. However, if we can, why not make their dirty work harder?
The paper discusses several techniques:
* Open CSRSS.EXE to detect SEH debugger
* Use the CheckRemoteDebuggerPresent API provided by Windows XP
* Protect ExitProcess to detect Softice/D*
The whitepaper can be found at: http://pb.specialised.info/all/articles/antid.txt‘