Comments (5)
Yes, you are right, circumventing antinet will definitely be tricky due to how it works. We can't just hook an unmanaged function as we do with CheckRemoteDebuggerPresent, IsDebuggerPresent, etc.
.NET obfuscators and protectors like to employ "Anti Debug" measures to prevent debugging. dnSpy is currently able to bypass the following methods of checking for a debugger:

- `IsAttached` and `IsLogging` properties/methods from the `System.Diagnostics.Debugger` class.
- `CheckRemoteDebuggerPresent` native API.
- `IsDebuggerPresent` native API.

Other known ways that can detect the dnSpy debugger:

- Checking for presence of the dnSpy hooks on `CheckRemoteDebuggerPresent` and `IsDebuggerPresent`.
- `CloseHandle` native API - passing an invalid handle that is not zero will cause the API to throw an exception only if the process is running under a debugger.
- `NtQueryInformationProcess` native API - Used to retrieve the parent process and is often compared to an internal table of known debugger tools.
- Checking process list for process names that contain `dnSpy` - Very rarely used in software that is not UnpackMes.
- Checking for the existence of `%APPDATA%\dnSpy\dnSpy.xml` file - Very rarely used in software that is not UnpackMes.

Potential solutions:

1. Allow usage of https://github.com/x64dbg/ScyllaHide together with dnSpy to greatly improve the AntiAntiDebug component.
2. If 1 fails or is not viable, we can manually implement bypasses for the aforementioned methods.
We can detect dnspy hook for `IsAttached` property/method from the `System.Diagnostics.Debugger` class as well.
I made a PR for https://github.com/XenocodeRCE/dnSpyDetector with the `IsAttached` hook detection. Will be implementing `IsLogging` today as well.
While we are at it, we may as well try to circumvent https://github.com/0xd4d/antinet? It could be tricky.
What about checking for breakpoints by current system time?
I'm not exactly sure what you mean by this...
It's that kind of anti-debug:

- Check system time S1
- some code
- Check system time again S2

If there is too much time between S2 and S1, it means there have been pauses during execution, therefore breakpoints or being under a debugger. Not a reliable antidebugger but still used in non managed binaries.
The usual method of bypass is faking system time returned by the API.
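The timing check described in the comment above, modelled in C as an added example (not code from dnSpy or from anyone in this thread). The clock is a simulated counter, and the pause lengths, the 100 ms limit and all function names are constructed for illustration; the model also covers the case that makes the check unreliable, a stall with no debugger attached.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simulated millisecond clock so the demo is deterministic. */
static uint64_t sim_now_ms = 1000;
typedef uint64_t (*clock_fn)(void);
typedef void (*work_fn)(void);

/* Stand-in for the system time API the protected code reads. */
static uint64_t real_clock(void) { return sim_now_ms; }

/* "some code": 5 ms of work, optionally with a pause in the middle. */
static void work_free(void)       { sim_now_ms += 5; }
static void work_breakpoint(void) { sim_now_ms += 5 + 30000; } /* paused 30 s at a breakpoint */
static void work_stall(void)      { sim_now_ms += 5 + 2000; }  /* no debugger, host stalled 2 s */

/* The check from the comment: read S1, run code, read S2, compare. */
static bool timing_check_trips(clock_fn now, work_fn work, uint64_t limit_ms) {
    uint64_t s1 = now();
    work();
    uint64_t s2 = now();
    return s2 - s1 > limit_ms;
}

/* Faked time source: reports at most MAX_STEP_MS between two reads,
   which is what hiding a pause from the check amounts to. */
#define MAX_STEP_MS 10
static uint64_t last_real, last_reported;
static bool fake_started = false;
static uint64_t faked_clock(void) {
    uint64_t real = sim_now_ms;
    if (!fake_started) {
        fake_started = true;
        last_reported = real;
    } else {
        uint64_t step = real - last_real;
        last_reported += step > MAX_STEP_MS ? MAX_STEP_MS : step;
    }
    last_real = real;
    return last_reported;
}

int main(void) {
    printf("free run:           %d\n", timing_check_trips(real_clock, work_free, 100));
    printf("breakpoint:         %d\n", timing_check_trips(real_clock, work_breakpoint, 100));
    printf("stall, no debugger: %d\n", timing_check_trips(real_clock, work_stall, 100));
    printf("breakpoint + faked: %d\n", timing_check_trips(faked_clock, work_breakpoint, 100));
    return 0;
}
```

The third case is a false positive: the check trips on a 2 s host stall with no debugger involved, so a protector that relies on it alone will misfire on loaded or suspended machines.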