Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[C++]How to Disable API IsDebuggerPresent

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
peenott
How do I cheat?
Reputation: 0

Joined: 01 Mar 2008
Posts: 3
PostPosted: Sat Mar 01, 2008 1:55 am    Post subject: [C++]How to Disable API IsDebuggerPresent Reply with quote
How to disable IsDebuggerPresent code in C++

needing for C++ Code
i don't usable the Assembly Code

(sorry for bad english)
Back to top
View user's profile Send private message
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1887
Location: Canada
PostPosted: Sat Mar 01, 2008 2:42 am    Post subject: Reply with quote
The best way is to do it via assembly.

Code:
mov eax, [fs:30h]
mov byte [eax+2], 0
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
PostPosted: Sat Mar 01, 2008 9:26 am    Post subject: Reply with quote
http://www.extalia.com/forums/viewtopic.php?f=59&t=2899
_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
DeletedUser14087
I post too much
Reputation: 2

Joined: 21 Jun 2006
Posts: 3069
PostPosted: Sat Mar 01, 2008 12:03 pm    Post subject: Reply with quote
Wiccaan wrote:
http://www.extalia.com/forums/viewtopic.php?f=59&t=2899


As a mod, you should know not to advertise other forums.
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
PostPosted: Sat Mar 01, 2008 12:11 pm    Post subject: Reply with quote
Rot1 wrote:
Wiccaan wrote:
http://www.extalia.com/forums/viewtopic.php?f=59&t=2899


As a mod, you should know not to advertise other forums.


Yea cause that was totally advertising. It was a referenced link that contains something on the subject of this topic. Simply because I'm an admin on that site doesn't make it advertising.

If I posted just Extalia.com itself, talked about the site, what it does, and tried getting people to come to it, that would be advertising.
_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
DeletedUser14087
I post too much
Reputation: 2

Joined: 21 Jun 2006
Posts: 3069
PostPosted: Sat Mar 01, 2008 12:24 pm    Post subject: Reply with quote
Wiccaan wrote:
Rot1 wrote:
Wiccaan wrote:
http://www.extalia.com/forums/viewtopic.php?f=59&t=2899


As a mod, you should know not to advertise other forums.


Yea cause that was totally advertising. It was a referenced link that contains something on the subject of this topic. Simply because I'm an admin on that site doesn't make it advertising.

If I posted just Extalia.com itself, talked about the site, what it does, and tried getting people to come to it, that would be advertising.


Outside links = advertisement.

don't argue with the rules.
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
PostPosted: Sat Mar 01, 2008 12:55 pm    Post subject: Reply with quote
Rot1 wrote:
Outside links = advertisement.

don't argue with the rules.


Maybe for the Maple section, but apparently you haven't read the rules for this section. Beings that we have less annoyances in this section, our rules list is rather short and easy to follow. You can find our rules here:
http://forum.cheatengine.org/viewtopic.php?t=108553

Again, our rules do not have a "advertisement" rule (since thats what you want to call it, we'll go with that for now).

There are no global rules posted for the overall site itself.

If you are going to try to attack me, come with information that is valid for this section.

As for your idea of advertisement, apparently you have resourcing and advertisement mixed up.

Advertisement would be posting a link to another site with the intent to obtain more members, hits, or some type of revenue for the given site. Sorry, but that was not my intention by posting the link.

Resourcing would be posting a link to a topic at hand that contains more information that the user of the first question can make use of.

If posting a link to a reference is "against the rules" like you say it is, then almost every sticky topic in this section breaks "the rules".

Oh and on a side note, with these so called "rules" your signature breaks them as well as it links to and outside site.

Anyway, if you are not going to do anything but troll, don't post. Consider this a verbal warning. If you continue to keep going off-topic, I will give you an actual warning.
_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
peenott
How do I cheat?
Reputation: 0

Joined: 01 Mar 2008
Posts: 3
PostPosted: Sun Mar 02, 2008 7:33 am    Post subject: Reply with quote
Thanks All.

I now understand this principle.
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
PostPosted: Sun Mar 02, 2008 9:43 am    Post subject: Reply with quote
peenott wrote:
Thanks All.

I now understand this principle.


Not a problem, and following what x0r said, you can do the same thing using the undocumented Nt functions to reset the flag for IsDebuggerPreset like:

Code:
BOOL ResetIsDebuggerFound()
{
   // Open The Process For Info Query (Mainly used just to get handle.)
   HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId() );

   // Kill The (PEB)->BeingDebugged Flag [PebBaseAddress+0x2]
   PROCESS_BASIC_INFORMATION pbi = {0};
   if( QueryProcessInformation( GetCurrentProcessId(), ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION) ) )
   {
      BYTE bBeingDebugged = 0;
      memcpy( &bBeingDebugged, (LPVOID)((DWORD)pbi.PebBaseAddress+0x2), 1 );
      if( bBeingDebugged == 1 )
      {
         memset( (LPVOID)((DWORD)pbi.PebBaseAddress+0x2), 0, 1 );
         NtSetInformationProcess( hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION) );
         return TRUE;
      }
   }
   return FALSE;
}


QueryProcessInformation is just a wrapper for NtQueryInformationProcess to make it easier to do in 1 line of code instead of writing out the full blown thing each time. The wrapper function is:

Code:
BOOL QueryProcessInformation( DWORD dwProcId, PROCESSINFOCLASS infoEnum, void *pBuffer, unsigned cbBuffer )
{
   DWORD   dwRetLen;
   int      iRetVal;

   HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, dwProcId );
   if( !hProcess )
      return FALSE;

   memset( pBuffer, 0, cbBuffer );
   iRetVal = NtQueryInformationProcess( hProcess, infoEnum, pBuffer, cbBuffer, &dwRetLen );
   CloseHandle( hProcess );

   if( iRetVal < 0 )
      return FALSE;

   return TRUE;
}


Credits goto Matt Pietrek for that function, I rewrote it a bit but for the most part it's his code. (His a MVP from Microsoft that did a lot of stuff thats open source dealing with the undocumented Nt functions.)
_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites