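├── .gitignore
├── main.cpp
└── README.md

/.gitignore:
--------------------------------------------------------------------------------
# Prerequisites
*.d

# Compiled Object files
*.slo
*.lo
*.o
*.obj

# Precompiled Headers
*.gch
*.pch

# Compiled Dynamic libraries
*.so
*.dylib
*.dll

# Fortran module files
*.mod
*.smod

# Compiled Static libraries
*.lai
*.la
*.a
*.lib

# Executables
*.exe
*.out
*.app
--------------------------------------------------------------------------------
/main.cpp:
--------------------------------------------------------------------------------
#include <windows.h>
#include <cstdio>
#include <cstdlib>

/*
 * Worker thread that exists only so the main thread has something to probe.
 * It yields in a tight loop and stays runnable; its suspend count is what the
 * check in main() reads. lpParam is unused. Does not return during normal
 * operation (the loop is infinite; the trailing return keeps the signature honest).
 */
DWORD WINAPI Dummy(LPVOID lpParam) {
    (void)lpParam;
    for (;;) {
        Sleep(0); /* give up the rest of the timeslice, remain runnable */
    }
    return 0;
}

/*
 * Polls the worker thread's suspend count through ResumeThread.
 *
 * ResumeThread returns the thread's PREVIOUS suspend count and decrements it,
 * or (DWORD)-1 on failure. A previous count >= 1 means someone other than this
 * program suspended the thread; a debugger attach does exactly that for a
 * short window. Two consequences worth keeping in mind:
 *   - the probe itself decrements the count, so this program must never
 *     suspend the worker on purpose, or the result is meaningless;
 *   - the poll runs every 1 ms, so a suspension shorter than that can be
 *     missed. This is a best-effort heuristic, not a guarantee.
 *
 * Returns EXIT_FAILURE if the worker cannot be created or probed; otherwise
 * never returns (the process is terminated when a debugger is detected).
 */
int main() {
    /* dwStackSize and dwCreationFlags are integers, not pointers: pass 0, not NULL. */
    HANDLE dummyThread = CreateThread(NULL, 0, Dummy, NULL, 0, NULL);
    if (dummyThread == NULL) {
        fprintf(stderr, "CreateThread failed: %lu\n", GetLastError());
        return EXIT_FAILURE;
    }

    for (;;) {
        DWORD previousSuspendCount = ResumeThread(dummyThread);

        /* (DWORD)-1 is an API error, not a suspended thread. An unsigned
         * `>= 1` test alone would report every failure as a debugger. */
        if (previousSuspendCount == (DWORD)-1) {
            fprintf(stderr, "ResumeThread failed: %lu\n", GetLastError());
            CloseHandle(dummyThread);
            return EXIT_FAILURE;
        }

        if (previousSuspendCount >= 1) {
            fputs("Caught Debugger\n", stdout);
            fflush(stdout); /* stdout may be block-buffered; flush before dying */
            /* Deterministic termination. The previous version corrupted its
             * own stack and stored through NULL -- both undefined behaviour
             * that the optimizer may remove or that may leave the process alive. */
            TerminateProcess(GetCurrentProcess(), EXIT_FAILURE);
        }

        Sleep(1);
    }
}
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
AntiDebug POC

Catching debuggers using ResumeThread

When a debugger attaches, the target's threads are suspended for a brief moment; therefore, by checking a thread's current suspend count, we can find out whether we are being debugged.
To do that we call the ResumeThread WinAPI function, which returns the thread's previous suspend count (and then decrements it by one). A return value of (DWORD)-1 signals an API failure and must not be treated as a detection.

It goes without saying that if your program suspends the thread itself, you must account for that in your anti-debugger. Note also that the check is polled, so a suspension shorter than the polling interval can be missed.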
9 | 10 | https://user-images.githubusercontent.com/45372336/179329323-133c521d-b263-47a4-ba68-5367ed56c85e.mp4 11 | 12 | --------------------------------------------------------------------------------