
LFH anti-debugging trick

Souhail_Hammou Jan 31st, 2014 585 Never
  1. /* By Souhail Hammou : @Dark_Puzzle
  2. More details here : http://rce4fun.blogspot.com/
  3. */
  4. #include <iostream>
  5. #include <conio.h>
  6. #include <Windows.h>
  7. using namespace std;
  8. // Windows 7 only (32-bit applications).
  9. // For 64-bit applications the pointer to the FEA (front-end allocator) is at heap_handle+0x178.
  10. // The trick is easily bypassed by attaching a debugger to the already-running process instead of starting the process inside a debugger.
/**
 * Demonstrates a heap-based debugger check: reads the pointer-sized field at
 * byte offset 0xd4 of the default process heap and treats NULL as "debugger
 * present".
 *
 * Per the author's notes this offset is only valid for 32-bit applications on
 * Windows 7 (0x178 for 64-bit), and the check is bypassed by attaching to the
 * running process instead of launching it under a debugger.
 *
 * NOTE(review): the offset is an undocumented heap-header layout detail. On
 * any other Windows build the read may land on an unrelated field, so the
 * result there is meaningless rather than merely unreliable.
 *
 * NOTE(review): presumably the field is NULL because a process started under
 * a debugger gets the debug heap, which does not use the LFH - confirm. If so,
 * the check observes heap configuration, not the debugger itself: it would
 * miss a debugger when the debug heap is disabled (e.g. via the
 * _NO_DEBUG_HEAP environment variable) and may misfire whenever the LFH is
 * not active for other reasons.
 */
int main() {
    // Byte offset of the front-end heap pointer inside the heap header
    // (Windows 7, 32-bit, per the notes accompanying this listing).
    const unsigned int frontEndOffset = 0xd4;

    // The handle returned by GetProcessHeap() is used here as the heap's
    // base address.
    char* heapBase = reinterpret_cast<char*>(GetProcessHeap());
    std::cout << static_cast<void*>(heapBase) << std::endl;

    // Advance by raw bytes, then read one int-sized slot at that address.
    int* frontEndSlot = reinterpret_cast<int*>(heapBase + frontEndOffset);
    LPVOID frontEndHeap = reinterpret_cast<LPVOID>(*frontEndSlot);

    if (frontEndHeap != NULL) {
        std::cout << "No Debugger Detected...Do Stuff" << std::endl;
    } else {
        // Only reports the result; the demo does not actually terminate here.
        std::cout << "Debugger Detected...Exiting" << std::endl;
    }

    // Keep the console window open until a key is pressed.
    _getch();
}