About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

 Forums >>  Target Specific - General  >>  reversing a target which is already debugging itself?

Topic created on: October 11, 2012 13:49 CDT by batman2xp .

How!

  waleedassar     October 11, 2012 17:55.32 CDT
A process can't debug itself since the "ZwDebugActiveProcess" function returns ERROR_ACCESS_DENIED if its first parameter is a handle to self.

Alternatively, you can spawn a helper process to do that.

  PeterFerrie     October 16, 2012 10:49.27 CDT
batman2xp, are you referring to a process which runs another copy of itself and debugs *that*?  if so, then you are too late.  what you need is to intercept the process creation and zero the debug port so that you can attach your own debugger.

Note: Registration is required to post to the forums.

There are 31,326 total registered users.


Recently Created Topics
what\'s the big idea...
Nov/13
Oct/23
Oct/23
Oct/23
Oct/23
Oct/23
Oct/23
Oct/23
Oct/23
Oct/23


Recent Forum Posts
Reverse Engineering ...
bytecod3r
Reverse Engineering ...
bytecod3r
Reverse Engineering ...
bytecod3r
Reverse Engineering ...
bytecod3r
Reverse Engineering ...
bytecod3r
let 'IDAPython' impo...
bytecod3r
Reverse Engineering ...
bytecod3r
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...
djnemo on:
Nov/17
Kernel debugger vs user mod...
acel on:
Nov/14
Kernel debugger vs user mod...
pedram on:
Dec/21
frida.github.io: scriptable...
capadleman on:
Jun/19
Using NtCreateThreadEx for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit