Side Effects of Debugger

A target program might behave differently when it is being debugged, which can be very annoying. These behavioral deviations can also be leveraged for anti-debugging. IsDebuggerPresent and CheckRemoteDebuggerPresent are well-known APIs for telling whether a debugger is attached to a program.

    0:000> uf KERNELBASE!IsDebuggerPresent
    KERNELBASE!IsDebuggerPresent:
    7512f41b 64a118000000    mov     eax,dword ptr fs:[00000018h]
    7512f421 8b4030          mov     eax,dword ptr [eax+30h]
    7512f424 0fb64002        movzx   eax,byte ptr [eax+2]
    7512f428 c3              ret

CloseHandle would raise an exception under a debugger, as stated…


A Debugging Approach to OutputDebugString

OutputDebugString is a common technique for user-mode debugging. It is simple but quite useful when you are debugging services or troubleshooting loader problems.

    #define WIN32_LEAN_AND_MEAN
    #include <Windows.h>

    int __cdecl main()
    {
      // Send a string to the debugger through the ANSI and wide-character variants.
      OutputDebugStringA("Hello, world! (first chance)\n");
      OutputDebugStringW(L"Hello, world! (second chance)\n");
      return 0;
    }

When you debug this demo application using Visual Studio, you will see the text messages in the Output window:

And if you…
