Jump to content

Detecting debugger like SoftIce

- - - - -
Started by ommy, Nov 15 2007 05:38 AM

This topic has been archived. This means that you cannot reply to this topic.
1 reply to this topic

#1
ommy
Posted 15 November 2007 - 05:38 AM

ommy

    Newbie

  • Members
  • Pip
  • 1 posts
I know that it will still be eventually cracked but I would like to figure out a way to stump these guys for a little while. I've been thinking about ways of detecting debuggers and have been doing research on the subject.

If we can detect these debuggers we can possibly halt cracking! Here is what I have come up with:

Look for the SoftICE registry key: HKEY_LOCAL_MACHINE,"Software\\NuMega\\SoftIce"

On Win9x
- detect a debugger through the Vxd-Backdoor
- detect the WinICE handler in int68h
- detect the 'magic number' 0F386h returned (in ax) by system debuggers through int 41h, function 4Fh

Anyone have any more advice for me?

#2
TcM
Posted 17 November 2007 - 03:09 AM

TcM

    Writes binary right handed and hex left handed

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 11,147 posts
As for the registry... I don't think that would be effective, because there are too many debuggers out there!
Back to Software Security




  1. CODECALL Programming Forum
  2. General Discussion
  3. Software Security
IPB skins by Skinbox