08-31-2011، 09:55 AM
کد:
'---------------------------------------------------------------------------------------
' Module : mAntiDebug
' DateTime : 4/09/2009 03:25
' Author : SqUeEzEr
' Mail : scott_van_dinter@hotmail.com
' Purpose : Check if you're being debugged
' Usage : At your own risk
' Requirements: None
' Distribution: You can freely use this code in your own
' applications, but you may not reproduce
' or publish this code on any web site,
' online service, or distribute as source
' on any media without express permission.
'
'---------------------------------------------------------------------------------------
Option Explicit
Private Declare Function NtCurrentTeb Lib "ntdll" () As Long
Private Declare Function NtWriteVirtualMemory Lib "ntdll.dll" (ByVal ProcessHandle As Long, ByVal BaseAddress As Long, ByVal pBuffer As Long, ByVal NumberOfBytesToWrite As Long, ByRef NumberOfBytesWritten As Long) As Long
Public Function IsBeingDebugged() As Boolean
Dim pPeb As Long
Dim bIBD As Boolean
Dim l As Long
Dim pHeap As Long
NtWriteVirtualMemory -1, VarPtr(pPeb), NtCurrentTeb + &H30, 4, 0
NtWriteVirtualMemory -1, VarPtr(pHeap), pPeb + &H20, 4, 0
NtWriteVirtualMemory -1, VarPtr(bIBD), pPeb + 2, 1, 0
NtWriteVirtualMemory -1, VarPtr(l), pHeap + &H10, 4, 0
If l <> 0 Then IsBeingDebugged = True
If bIBD = True then IsBeingDebugged = True
End Function