Nima NT
شنبه 21 فروردین 1389, 22:21 عصر
unit antidebuge;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
{ Pointer to the partial PEB (Process Environment Block) overlay declared below. }
ppeb=^_PEB;
{ Partial overlay of the process's PEB. Only BeingDebugged and SessionId are named;
  the rest is opaque padding that keeps those two fields at their expected offsets.
  Because the record is packed, BeingDebugged sits at byte offset 2.
  NOTE(review): the padding uses Pointer-sized slots after a 229-byte run, so the
  SessionId offset depends on the pointer size of the target - this looks written
  for 32-bit builds; confirm before compiling for Win64. }
_PEB = packed record
Reserved1: array[0..2 - 1] of Byte;
{ Non-zero while a user-mode debugger is attached; this is the same byte that
  IsDebuggerPresent reports. It lives in the process's own writable memory. }
BeingDebugged: Byte;
Reserved2: array[0..229 - 1] of Byte;
Reserved3: array[0..59 - 1] of Pointer;
SessionId: ULONG;
end;
type
PPROCESS_BASIC_INFORMATION = ^PROCESS_BASIC_INFORMATION;
{ Output buffer for NtQueryInformationProcess when queried with information class 0
  (see isdebuge). The only field this unit reads is PebBaseAddress.
  NOTE(review): every scalar is declared DWORD and the record is packed, which gives
  a 24-byte layout on a 32-bit target. The native structure uses pointer-sized
  fields, so this declaration presumably does not match on Win64 - confirm. }
PROCESS_BASIC_INFORMATION = packed record
ExitStatus: DWORD;
{ Address of the PEB of the queried process, typed as the partial overlay above. }
PebBaseAddress: ppeb;
AffinityMask: DWORD;
BasePriority: DWORD;
UniqueProcessId: DWORD;
InheritedUniquePID: DWORD;
end;
type
{ Demo form holding a single button whose click handler shows the result of isdebuge. }
TForm2 = class(TForm)
Button1: TButton;
{ Click handler for Button1; implemented in the implementation section. }
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
{ Global form instance variable for TForm2. }
Form2: TForm2;
implementation
{ Static import of NtQueryInformationProcess from ntdll.dll.
  ProcessHandle            - handle of the process to query.
  ProcessInformationClass  - selects what is returned; this unit passes 0.
  ProcessInformation       - caller-supplied output buffer.
  ProcessInformationLength - size of that buffer in bytes.
  ReturnLength             - receives the number of bytes written.
  The Integer result is an NTSTATUS code; negative values mean the call failed,
  in which case the output buffer must not be trusted. }
function NtQueryInformationProcess (
ProcessHandle: THandle;
ProcessInformationClass: UINT;
ProcessInformation: Pointer;
ProcessInformationLength: ULONG;
ReturnLength: PULONG
): Integer; stdcall; external 'ntdll.dll';
{$R *.dfm}
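{ Reports whether the BeingDebugged byte in the current process's PEB is set.

  The PEB address is obtained from NtQueryInformationProcess (information class 0)
  and the flag is then read directly from that address.

  Returns True only when the query succeeded, a PEB address was returned and the
  flag is non-zero. Any failure yields False instead of dereferencing an
  uninitialised pointer.

  Caveat: the flag is one byte in the process's own writable user-mode memory, so
  a debugger plugin or in-process code can clear it. A False result is therefore
  not evidence that no debugger is attached, and this check must not be used as a
  security boundary. }
function isdebuge:Boolean;
const
  { Information class 0 selects PROCESS_BASIC_INFORMATION. }
  ProcessBasicInformation = 0;
var
  procinfo: PROCESS_BASIC_INFORMATION;
  ret: Cardinal;
  status: Integer;
begin
  Result := False;

  { Start from a zeroed buffer so a failed or short query cannot leave a stray
    pointer value in PebBaseAddress. }
  FillChar(procinfo, SizeOf(procinfo), 0);
  ret := 0;

  status := NtQueryInformationProcess(GetCurrentProcess, ProcessBasicInformation,
    @procinfo, SizeOf(PROCESS_BASIC_INFORMATION), @ret);

  { NTSTATUS: negative means failure, so the buffer contents are meaningless. }
  if status < 0 then
    Exit;

  if procinfo.PebBaseAddress = nil then
    Exit;

  Result := procinfo.PebBaseAddress^.BeingDebugged <> 0;
end;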
{ Button handler: runs the isdebuge check once and shows the outcome in a message box. }
procedure TForm2.Button1Click(Sender: TObject);
var
  verdict: string;
begin
  { Pick the message first, then display it from a single call site. }
  if not isdebuge then
    verdict := 'not debuge'
  else
    verdict := 'debuge';
  ShowMessage(verdict);
end;
end.
فکر کنم پلاگین StrongOD این آنتی رو ByPass کنه ولی برای مطالعه خوب هست.
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
{ Pointer to the partial PEB (Process Environment Block) overlay declared below. }
ppeb=^_PEB;
{ Partial overlay of the process's PEB. Only BeingDebugged and SessionId are named;
  the rest is opaque padding that keeps those two fields at their expected offsets.
  Because the record is packed, BeingDebugged sits at byte offset 2.
  NOTE(review): the padding uses Pointer-sized slots after a 229-byte run, so the
  SessionId offset depends on the pointer size of the target - this looks written
  for 32-bit builds; confirm before compiling for Win64. }
_PEB = packed record
Reserved1: array[0..2 - 1] of Byte;
{ Non-zero while a user-mode debugger is attached; this is the same byte that
  IsDebuggerPresent reports. It lives in the process's own writable memory. }
BeingDebugged: Byte;
Reserved2: array[0..229 - 1] of Byte;
Reserved3: array[0..59 - 1] of Pointer;
SessionId: ULONG;
end;
type
PPROCESS_BASIC_INFORMATION = ^PROCESS_BASIC_INFORMATION;
{ Output buffer for NtQueryInformationProcess when queried with information class 0
  (see isdebuge). The only field this unit reads is PebBaseAddress.
  NOTE(review): every scalar is declared DWORD and the record is packed, which gives
  a 24-byte layout on a 32-bit target. The native structure uses pointer-sized
  fields, so this declaration presumably does not match on Win64 - confirm. }
PROCESS_BASIC_INFORMATION = packed record
ExitStatus: DWORD;
{ Address of the PEB of the queried process, typed as the partial overlay above. }
PebBaseAddress: ppeb;
AffinityMask: DWORD;
BasePriority: DWORD;
UniqueProcessId: DWORD;
InheritedUniquePID: DWORD;
end;
type
{ Demo form holding a single button whose click handler shows the result of isdebuge. }
TForm2 = class(TForm)
Button1: TButton;
{ Click handler for Button1; implemented in the implementation section. }
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
{ Global form instance variable for TForm2. }
Form2: TForm2;
implementation
{ Static import of NtQueryInformationProcess from ntdll.dll.
  ProcessHandle            - handle of the process to query.
  ProcessInformationClass  - selects what is returned; this unit passes 0.
  ProcessInformation       - caller-supplied output buffer.
  ProcessInformationLength - size of that buffer in bytes.
  ReturnLength             - receives the number of bytes written.
  The Integer result is an NTSTATUS code; negative values mean the call failed,
  in which case the output buffer must not be trusted. }
function NtQueryInformationProcess (
ProcessHandle: THandle;
ProcessInformationClass: UINT;
ProcessInformation: Pointer;
ProcessInformationLength: ULONG;
ReturnLength: PULONG
): Integer; stdcall; external 'ntdll.dll';
{$R *.dfm}
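{ Reports whether the BeingDebugged byte in the current process's PEB is set.

  The PEB address is obtained from NtQueryInformationProcess (information class 0)
  and the flag is then read directly from that address.

  Returns True only when the query succeeded, a PEB address was returned and the
  flag is non-zero. Any failure yields False instead of dereferencing an
  uninitialised pointer.

  Caveat: the flag is one byte in the process's own writable user-mode memory, so
  a debugger plugin or in-process code can clear it. A False result is therefore
  not evidence that no debugger is attached, and this check must not be used as a
  security boundary. }
function isdebuge:Boolean;
const
  { Information class 0 selects PROCESS_BASIC_INFORMATION. }
  ProcessBasicInformation = 0;
var
  procinfo: PROCESS_BASIC_INFORMATION;
  ret: Cardinal;
  status: Integer;
begin
  Result := False;

  { Start from a zeroed buffer so a failed or short query cannot leave a stray
    pointer value in PebBaseAddress. }
  FillChar(procinfo, SizeOf(procinfo), 0);
  ret := 0;

  status := NtQueryInformationProcess(GetCurrentProcess, ProcessBasicInformation,
    @procinfo, SizeOf(PROCESS_BASIC_INFORMATION), @ret);

  { NTSTATUS: negative means failure, so the buffer contents are meaningless. }
  if status < 0 then
    Exit;

  if procinfo.PebBaseAddress = nil then
    Exit;

  Result := procinfo.PebBaseAddress^.BeingDebugged <> 0;
end;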
{ Button handler: runs the isdebuge check once and shows the outcome in a message box. }
procedure TForm2.Button1Click(Sender: TObject);
var
  verdict: string;
begin
  { Pick the message first, then display it from a single call site. }
  if not isdebuge then
    verdict := 'not debuge'
  else
    verdict := 'debuge';
  ShowMessage(verdict);
end;
end.
فکر کنم پلاگین StrongOD این آنتی رو ByPass کنه ولی برای مطالعه خوب هست.