detect runtime change in executable using debugger

Developer https://www.devze.com 2023-03-31 22:36 Source: network
I have a desktop application in C++. I want to check whether any runtime change has been made to the executable using a debugger. And if so, the executable will quit. How do I check it?

I have already used CheckRemoteDebuggerPresent, but a hacker made changes in the exe to skip this statement.

edit: Can we forcefully stop the debugger if it exists, and if not it will just act as dummy code? I have tried DebugActiveProcessStop but it doesn't work on the current process, I guess.


Unfortunately, it is not generally possible to ensure that your executable is not modified. You can opt for a secure platform (desktop applications are not) or you can get one of many code obfuscation / protection packages; but it is possible to bypass these.

My favorite essay on the subject is "Keeping the Pirates at Bay" (source).


To detect runtime changes you need a loop that hashes various areas of memory to make sure they are unmodified, along with something like VirtualQuery to make sure the page access isn't being tampered with. Of course this can always be counteracted; just see Blizzard's Warden (which uses this method).
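An added example (not code from any of the answers above) of the hash-the-memory loop this answer describes, in C: a baseline FNV-1a hash is recorded per watched region and a periodic check reports the first region whose bytes changed. The names `region_t`, `fnv1a64`, `integrity_init`, `integrity_check` and `demo` are assumed here; the Windows-only VirtualQuery page-protection check is left out so the code builds with any C99 toolchain.

```c
/* Added example: memory-region integrity monitor (names are assumed). */
#include <stddef.h>
#include <stdint.h>

typedef struct {
    const char *name;
    const unsigned char *base;  /* start of the watched bytes */
    size_t len;                 /* number of bytes to hash */
    uint64_t baseline;          /* hash recorded at startup */
} region_t;

/* 64-bit FNV-1a over an arbitrary byte range. */
uint64_t fnv1a64(const unsigned char *p, size_t len) {
    uint64_t h = 14695981039346656037ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Record each region's baseline hash; call once, early at startup. */
void integrity_init(region_t *regions, size_t n) {
    for (size_t i = 0; i < n; i++)
        regions[i].baseline = fnv1a64(regions[i].base, regions[i].len);
}

/* Re-hash each region; return the index of the first one that no longer
 * matches its baseline, or -1 if all match. Call from a periodic loop. */
int integrity_check(const region_t *regions, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (fnv1a64(regions[i].base, regions[i].len) != regions[i].baseline)
            return (int)i;
    return -1;
}

/* Demonstration on a constructed buffer standing in for a code page.
 * Returns 0 when the monitor behaves as expected. */
int demo(void) {
    static unsigned char fake_code[32] = "\x55\x48\x89\xe5\x90\x90\xc3";
    region_t r[1] = { { "fake_code", fake_code, sizeof fake_code, 0 } };
    integrity_init(r, 1);
    if (integrity_check(r, 1) != -1) return 1;   /* untouched: must pass */
    fake_code[4] = 0xcc;  /* simulate a byte overwritten by a software breakpoint */
    return integrity_check(r, 1) == 0 ? 0 : 2;   /* region 0 must be flagged */
}
```

In a real build the regions would be the executable's own code sections, and a flagged region would trigger the exit the question asks for.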


This recent paper by Tyler Shields from Veracode has a pretty extensive selection of techniques you could consider using.

http://www.shell-storm.org/papers/files/764.pdf

But you will have to accept that a sophisticated attacker will almost always find a way around whatever you choose to do.


You can do this with CheckRemoteDebuggerPresent() to detect a debugger, but I don't know of a way to detect if a change has been made. There are a few other options here.
