AntiDebugging

Whitecat18 · Whitecat18 · commit de0add75803b · 2026-01-29T00:17:31.000+05:30
Adding Antidebugging code snippets
diff --git a/AntiDebugging/CheckRemoteDebuggerPresent/Cargo.lock b/AntiDebugging/CheckRemoteDebuggerPresent/Cargo.lock
diff --git a/AntiDebugging/CheckRemoteDebuggerPresent/Cargo.toml b/AntiDebugging/CheckRemoteDebuggerPresent/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "CheckRemoteDebuggerPresent"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+
+[dependencies.windows-sys]
+version = "0.61.2"
+features = [
+    "Win32_Foundation",
+    "Win32_System_Diagnostics_Debug",
+    "Win32_System_Threading"
+]
diff --git a/AntiDebugging/CheckRemoteDebuggerPresent/src/main.rs b/AntiDebugging/CheckRemoteDebuggerPresent/src/main.rs
@@ -0,0 +1,23 @@
+use windows_sys::Win32::System::{
+    Diagnostics::Debug::CheckRemoteDebuggerPresent,
+    Threading::{ExitProcess, GetCurrentProcess},
+};
+
+fn main() {
+    unsafe {
+        let mut is_debugger_present = 0;
+
+        let status = CheckRemoteDebuggerPresent(GetCurrentProcess(), &mut is_debugger_present);
+
+        if status != 0 && is_debugger_present == 1 {
+            println!("Debugger detected! Exiting process...");
+
+            let mut string = String::new();
+            std::io::stdin().read_line(&mut string).unwrap();
+
+            ExitProcess(u32::MAX);
+        } else {
+            println!("No debugger detected. Proceeding...");
+        }
+    }
+}
diff --git a/AntiDebugging/ProcessDebugPort/Cargo.lock b/AntiDebugging/ProcessDebugPort/Cargo.lock
diff --git a/AntiDebugging/ProcessDebugPort/Cargo.toml b/AntiDebugging/ProcessDebugPort/Cargo.toml
@@ -0,0 +1,15 @@
+[package]
+name = "ProcessDebugPort"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+
+[dependencies.windows-sys]
+version = "0.61.2"
+features = [
+    "Win32_Foundation",
+    "Win32_System_Diagnostics_Debug",
+    "Win32_System_Threading",
+    "Win32_System_LibraryLoader",
+]
diff --git a/AntiDebugging/ProcessDebugPort/src/main.rs b/AntiDebugging/ProcessDebugPort/src/main.rs
@@ -0,0 +1,55 @@
+use std::ffi::CString;
+
+use windows_sys::Win32::System::LibraryLoader::{GetProcAddress, LoadLibraryA};
+use windows_sys::Win32::System::Threading::{ExitProcess, GetCurrentProcess};
+
+const PROCESS_DEBUG_PORT: u32 = 7;
+
+use windows_sys::Win32::Foundation::{HANDLE, NTSTATUS};
+
+use windows_sys::core::s;
+
+#[allow(non_snake_case)]
+type NtQueryInfoProc = unsafe extern "system" fn(
+    ProcessHandle: HANDLE,
+    ProcessInformationClass: u32,
+    ProcessInformation: *mut i32,
+    ProcessInformationLength: u32,
+    ReturnLength: *mut u32,
+) -> NTSTATUS;
+
+fn main() {
+    unsafe {
+        let h_ntdll = LoadLibraryA(s!("ntdll.dll"));
+
+        if !h_ntdll.is_null() {
+            let func_name = CString::new("NtQueryInformationProcess").unwrap();
+            let func_ptr = GetProcAddress(h_ntdll, func_name.as_ptr() as *const u8);
+
+            if let Some(func_ptr) = func_ptr {
+                let nt_query_info_process: NtQueryInfoProc = std::mem::transmute(func_ptr);
+
+                let mut debug_port: i32 = 0;
+                let mut return_len: u32 = 0;
+
+                let status = nt_query_info_process(
+                    GetCurrentProcess(),
+                    PROCESS_DEBUG_PORT,
+                    &mut debug_port,
+                    std::mem::size_of::<i32>() as u32,
+                    &mut return_len,
+                );
+
+                if status >= 0 && debug_port == -1 {
+                    println!("Debugger detected via ProcessDebugPort! Exiting...");
+                    ExitProcess(u32::MAX);
+                } else {
+                    println!("No debugger detected (Port value: {:#X}).", debug_port);
+                }
+            }
+        }
+    }
+
+    let mut string = String::new();
+    std::io::stdin().read_line(&mut string).unwrap();
+}
diff --git a/AntiDebugging/README.md b/AntiDebugging/README.md
@@ -0,0 +1,7 @@
+## AntiDebugging in Rust
+
+AntiDebug Code Snippets ....
+
+## Resources
+
+* https://anti-debug.checkpoint.com/
diff --git a/AntiDebugging/debug_teb/Cargo.toml b/AntiDebugging/debug_teb/Cargo.toml
@@ -0,0 +1,23 @@
+[package]
+name = "debug_teb"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+
+[dependencies.windows-sys]
+version = "0.61.2"
+features = [
+    "Win32_Foundation",
+    "Win32_System_Threading",
+    "Win32_System_Memory",
+    "Win32_Security",
+    "Win32_Storage_FileSystem",
+    "Win32_System_Diagnostics_Debug",
+    "Win32_System_LibraryLoader",
+    "Win32_Security_Cryptography",
+    "Win32_System_Com",
+    "Win32_System_Registry",
+    "Win32_UI_Shell_Common",
+    "Win32_UI_WindowsAndMessaging"
+]
diff --git a/AntiDebugging/debug_teb/src/main.rs b/AntiDebugging/debug_teb/src/main.rs
@@ -0,0 +1,35 @@
+use windows_sys::Win32::UI::WindowsAndMessaging::{MB_OK, MessageBoxA};
+
+use std::arch::asm;
+use windows_sys::core::s;
+
+fn check_teb() -> i32 {
+    
+    #[allow(unused_assignments)]
+    let mut is_being_debugged: i32 = 0;
+    
+    unsafe {
+        asm!(
+            "mov rax, gs:[0x60]",
+            "movzx eax, byte ptr [rax + 0x02]",
+            "mov {0:e}, eax",
+            out(reg) is_being_debugged,
+        );
+    }
+    is_being_debugged
+}
+
+fn main() {
+    if check_teb() != 0 {
+        unsafe {
+            MessageBoxA(
+                std::ptr::null_mut(),
+                s!("Debugger Detected"),
+                s!("Info"),
+                MB_OK,
+            );
+        }
+    }
+}
+
+
