i was trying to implement a simple anti debugger trick

which translates to

but for some reason this generates an error in the .code segiment i use can anyone help me here?

db 0EBh

you could use IsDebuggerPresent, FindWindow & CreateFile to detect the common debuggers. SI with createFile.

forsaken, I'm interested in how you detect a debugger through FindWindow & CreateFile. What do you do to detect a debugger with those functions?

Regards

you can detect SoftICE with CreateFile, i cannot recall the filename which needs to be created in order to detect it but i do know that there's tons of information about SI detection so snoop around at google and im sure you will find more then enough info about the subject.

and as far as findWindow goes, this can be used to detect debuggers by class or window name, i do not think theres any way to detect a random debugger this way(?)

well, anyways... check out IsDebuggerPresent and some of the SI detection tricks.

There is a way to detect a random bugger. I just came up with it.. right now

Make a thread which detects the foreground window. GetForeGroundWindow

If your in a debugger... such as Ollydbg or whatnot.

Once your window is initlized. Check foreground window . After compare the text to your programs text.... If it's not the same your program is running another program.... ;0..

Ok, thanks to both for the data!!

On program start.
-Have it create a remote thread (in like explorer).
-The remote thread will load the program again (but suspended)
-Patch the memory of the suspended program to JMP over the RemoteThread stuff.
-Terminate teh first instance of the program
-The new instanceof the Program (not loaded by the debugger)

It seems like it would work :\

r22, nice one already tested but didnt know how to patch the suspended program so i made remotethread to copy the first.exe to second.exe and then in both exe's(they are the same...) it checks if the filename is second.exe and if so it does skip remotethread... it is easy to get over just by debugging second.exe but its good to start with

just hit me, that patching a programs code section wouldn't be easy remotely while the process is suspended, so instead...
Just have the program check the command line that Created it and add an arguement if you want the program to skip its anti-debugger startup code.

You can also use suspend process after the debugger has been found ....and it will freeze the program which as loaded your exe