Archive for July, 2009

Download: This is just a very, very simple C++ wrapper for the Windows API. It supports buttons, labels, checkboxes, and textboxes. Window events are also added, and the given main.cpp file is an example of using all the features of the wrapper. My long-term goal is to implement every Windows API object and […]

I was browsing the MSDN library recently in the “Intrinsics” index, and found a neat little intrinsic for fetching a pointer to the IDT. Rather than checking the IDT itself, for XP/2000, the pointer itself is something that changes in the context of a debugger. DWORD __inline SiberianTiger::CheckIDT( ) { DWORD returnVal; DWORD_PTR *IDTP = […]

C++ splash

20Jul09: Using nothing but the Windows API, just replace the “Splash.bmp” file with the file of your choice, then compile. Enjoy!

Update again! No bugfixes, only two new features.

Changelog:
– Check for a potential hook on IsDebuggerPresent via setting the BeingDebugged bit in the PEB to “true”.
– Remove as much header information as possible; in some debugging situations, errors may arise based off other debugger-caused issues.

Download: ___

Revision 0.412b A friend bugged […]

After work on a few other libraries, I hopped back to AD, and made some much-needed revisions.

Download:

Changelog:
– Each anti-debug trick added into a “new” function, with a return code of 0 if an error occurs
– Class, variable, and function renaming
– Creation of an exit code table; each exit has […]

Download: I’ve set up a class to handle the anti-debug portion; still works on x86(-x64) Windows Vista (SP0-SP1), Windows XP (SP0-SP3), and Windows 2000 (SP0-SP4). All you have to do is initialize the class (i.e. “antiDebug antiDebug;”), and the anti-debug code will be all taken care of 😉

Thanks to Chazwazza over at GameDeception for some much-needed aid in bug fixing, and some motivation to make major changes, I’ve ported major instances of inline ASM to intrinsics, now leaving only two anti-debugger tricks which require inline ASM (and will be filtered out if the option for x64 is enabled). When you attempt […]