// Debugging thread main loop
static void DebuggerThread(object arg)
{
// Attach to the process we provided the thread as an argument
if (!AntiDebug.DebugActiveProcess((int)arg))
{
throw new Win32Exception();
}
while (true)
{
// wait for a debug event
if (!AntiDebug.WaitForDebugEvent(out var evt, -1))
{
throw new Win32Exception();
}
// return DBG_CONTINUE for all events but the exception type
var continueFlag = SelfDebugger.DbgContinue;
if (evt.dwDebugEventCode == DebugEventType.ExceptionDebugEvent)
{
continueFlag = SelfDebugger.DbgExceptionNotHandled;
}
// continue running the debug
AntiDebug.ContinueDebugEvent(evt.dwProcessId, evt.dwThreadId, continueFlag);
}
}
static void WaitForDebugger()
{
var start = DateTime.Now;
while (!AntiDebug.CheckDebuggerUnmanagedPresent() &&
!AntiDebug.CheckDebuggerManagedPresent() &&
!AntiDebug.CheckRemoteDebugger())
{
Console.WriteLine("Application working by self debugging...");
if ((DateTime.Now - start).TotalMinutes > 1)
{
throw new TimeoutException("Debug operation timeout.");
}
Thread.Sleep(1);
}
}
internal static void PerformChecks()
{
if (AntiDebug.CheckRemoteDebugger())
{
throw new Exception(Constants.ActiveRemoteDebuggerFound);
}
if (AntiDebug.CheckDebuggerManagedPresent() || AntiDebug.CheckDebugPort())
{
throw new Exception(Constants.ActiveDebuggerFound);
}
if (AntiDebug.CheckDebuggerUnmanagedPresent())
{
throw new Exception(Constants.ActiveUnmanagedDebuggerFound);
}
if (AntiDebug.CheckKernelDebugInformation())
{
throw new Exception(Constants.ActiveKernelDebuggerFound);
}
if (DetectEmulation())
{
throw new Exception(Constants.ApplicationRunningOnEmulation);
}
if (DetectSandbox())
{
throw new Exception(Constants.ApplicationRunningOnSandbox);
}
if (DetectVirtualMachine())
{
throw new Exception(Constants.ApplicationRunningOnVirtualMachine);
}
}
internal static void PerformDetach()
{
Parallel.Invoke(() => AntiDebug.DetachFromDebuggerProcess(),
AntiDebug.HideOsThreads,
Scanner.ScanAndKill);
}