Wilfried Mestdagh wrote: > In Delphi you can code: inIDE := DebugHook <> 0; > In general interrupt 3 is used for debuggers, so in Delphi or any othre > language you can use this. > > in Delphi something like: > > var > InDebugger: boolean; > begin > InDebugger := False; > asm > int 3; > mov InDebugger, 1; > end; > > if InDebugger then > ...
That won't really solve anything. It will _always_ detect a debugger, even when one isn't present. When a debugger is not present, "int 3" instructions get silently ignored. The "mov InDebugger, 1" instruction will get executed anyway. When a debugger is present, it will stop at the "int 3" line, but the person using the debugger can simply tell the program to resume running. In Delphi, and probably in most other debuggers, the user could even tell the program to resume running at a different place -- tell the program to _skip_ the "mov InDebugger, 1" line. There is a Windows API function, IsDebuggerPresent. It should work. However, it won't work well as a defense against cracking. If I were trying to crack a program, one of the first things I would do would be to patch over IsDebuggerPresent so that whenever your program called it, it would always return False. > Not tested :) And there will be some other issues, because the debugger > will stop on the 'int 3' code line. > > You can also prevent code from being debugged by insertnig NOP's after > an int 3 or by jumping to other parts of code. I dont know what is your > intention. Inserting NOP doesn't do anything. That's the entire purpose of the instruction. And jumping to other places doesn't prevent code from being debugged. All programs use jumps, even the ones you debug with Delphi. -- Rob __________________________________________________ Delphi-Talk mailing list -> [email protected] http://www.elists.org/mailman/listinfo/delphi-talk
