Test for the debugger

command : x86_64-w64-mingw32-g++ peb_teb.cpp -o peb.exe -Wint-to-pointer-cast -fpermissive

#include <windows.h>
#include <winternl.h>
#include <winnt.h>
#include <stdio.h>
#include <stdlib.h>


int main()
{
#ifdef _WIN64
    PPEB pebPtr = (PPEB)__readgsdword(0x60);
    DWORD debuggedTest = pebPtr->BeingDebugged;
    printf("[+] Debug test status: 0x%x\n", debuggedTest);
#else
    PPEB pebPtr = (PPEB)___readfsdword(0x30);
    DWORD debuggedTest = pebPtr->BeingDebugged;
    printf("[+] Debug test status: 0x%x\n", debuggedTest);
#endif
    return 0;
}

structure resource: Vergilius, msdn

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

beingDebugged.md

beingDebugged.md

Files

beingDebugged.md

Latest commit

History

beingDebugged.md

File metadata and controls