🔐Blog of Osanda

Security Researching and Reverse Engineering


anti-debugging

  • Osanda Malith Jayathissa
  • April 23, 2016
  • 4 Comments

Debugger Detection Using NtGlobalFlag

This is another simple anti-reversing trick used to detect a debugger. As I have shown earlier in my post about the TEB structure and the PEB structure, NtGlobalFlag is located in the PEB structure at offset PEB+104.


When the process is being debugged, NtGlobalFlag is set to 0x70.



(more…)

Reversing, Uncategorized
anti-debugging, Reverse Engineering
