-
Notifications
You must be signed in to change notification settings - Fork 3
/
NtQueryInformationProcess.cs
44 lines (35 loc) · 1.14 KB
/
NtQueryInformationProcess.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
using System;
using System.Runtime.InteropServices;
[DllImport("ntdll.dll", SetLastError = true)]
static extern int NtQueryInformationProcess(
IntPtr processHandle,
int processInformationClass,
ref IntPtr processInformation,
uint processInformationLength,
ref IntPtr returnLength
);
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr GetCurrentProcess();
bool isBeingDebugged()
{
var ERROR_SUCCESS = 0x0;
var ProcessDebugPort = 0x7;
IntPtr currProcessHandle = GetCurrentProcess();
if (currProcessHandle == IntPtr.Zero)
{
throw new Exception("Could not retrieve current process handle.");
}
IntPtr returnLength = IntPtr.Zero;
IntPtr portNumber = IntPtr.Zero;
int ntStatus = NtQueryInformationProcess(currProcessHandle, ProcessDebugPort, ref portNumber, (uint)IntPtr.Size, ref returnLength);
if (ntStatus != ERROR_SUCCESS)
{
throw new Exception("Could not query information process.");
}
return (portNumber != IntPtr.Zero);
}
if (isBeingDebugged())
{
throw new Exception("Debugger Detected !");
}
Console.WriteLine("No Debugger Detected :)");