反调试专题笔记

Windows下反调试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
#include <iostream>
#include <Windows.h>
DWORD AntiDebugCallBack(LPVOID lpThreadParameter){
    while(true)
        if(IsDebuggerPresent()){
            MessageBox(NULL,"被调试了","Debug",MB_OK);
            //...
        };
};
int main(void){
    HANDLE hThread=CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)AntiDebugCallBack,NULL,NULL,NULL);
    WaitForSingleObject(hThread,-1);
    system("pause");
    return 0;
};

Linux下反调试

1
2
3
4
#include <sys/ptrace.h>
if(ptrace(PTRACE_TRACEME,0,0,0)==-1){
    //被调试
};