如何检测可能正在分析软件的调试器或其他工具? [英] How can I detect a debugger or other tool that might be analysing my software?
问题描述
一个非常简单的情况。我正在使用Delphi 2007中的一个应用程序,该应用程序通常被编译为发布,但仍在调试器下运行。有时它也将在SilkTest下运行,以进行回归测试。虽然这很有趣,但是我想做一些特别的事情...
A very simple situation. I'm working on an application in Delphi 2007 which is often compiled as 'Release' but still runs under a debugger. And occasionally it will run under SilkTest too, for regression testing. While this is quite fun I want to do something special...
我想检测我的应用程序是否在调试器/回归测试器中运行,如果是这种情况,我希望应用程序知道使用哪个工具! (因此,当应用程序崩溃时,我可以在错误报告中报告此信息。)
I want to detect if my application is running within a debugger/regression-tester and if that's the case, I want the application to know which tool is used! (Thus, when the application crashes, I could report this information in it's error report.)
有什么建议和解决方案吗?
Any suggestions, solutions?
推荐答案
您可以检查启动应用程序的父进程。
和 CreateToolhelp32Snapshot / Process32First / Process32Next 应用程序PID的父PID( PROCESSENTRY32.th32ParentProcessID 或 TProcessEntry32.th32ParentProcessID )。然后获取父PID的文件名,以与要检查的应用程序进行比较,例如SilkTest。
You can check the parent process that started your application.
With CreateToolhelp32Snapshot/Process32First/Process32Next get the parent PID (PROCESSENTRY32.th32ParentProcessID or TProcessEntry32.th32ParentProcessID) for your application PID. Then get the filename for the parent PID to compare with the applications you want to check for, like SilkTest.
检查本文了解代码用法。
除 IsDebuggerPresent 和 CheckRemoteDebuggerPresent ,您还可以查询 PEB.BeingDebugged (PEB为流程环境块,要获取PEB,您必须查询TEB,即线程环境块)。
In addition to IsDebuggerPresent and CheckRemoteDebuggerPresent, you can also query PEB.BeingDebugged (PEB is Process Environment Block, to get PEB you must query TEB, which is the Thread Enviroment Block).
这篇关于如何检测可能正在分析软件的调试器或其他工具?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
