Stop Debug

There's a number of tricks that can be used to stop someone from being able to attach a debugger to your program on win32. One of the 'classic' ways to go about it is to start a thread in another process that monitors your process for debugger attachment. If the debugger is detected it terminates your process before any information can be leaked.

Here is a command line utility to inject some code into a running process that will monitor your process for debugger attachment, and here is the source. You need to know the PID of the running process and the PID of your process, which is easily obtainable by using Sysinternals PsList or Process Explorer.

It shouldn't be too hard to integrate this into your application.

<< back to my home page