program NtQueryProcessInformation;
{$APPTYPE CONSOLE}
{$R *.res}
uses
Winapi.Windows,
System.SysUtils;
{
  Static import of NtQueryInformationProcess from ntdll.dll.

  ProcessHandle            - handle of the process to query.
  ProcessInformationClass  - numeric selector for the kind of information requested.
  ProcessInformation       - caller-supplied buffer that receives the data.
  ProcessInformationLength - size of that buffer, in bytes.
  ReturnLength             - optional pointer that receives the number of bytes written.

  The return value is the raw status code of the call; this file treats 0 as success.
}
function NtQueryInformationProcess(
  ProcessHandle            : THandle;
  ProcessInformationClass  : DWORD;
  ProcessInformation       : Pointer;
  ProcessInformationLength : ULONG;
  ReturnLength             : PULONG
): LongInt; stdcall;
  external 'ntdll.dll' name 'NtQueryInformationProcess';
// https://docs.microsoft.com/en-gb/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess
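{
  Reports whether a debug port is attached to the current process, using
  NtQueryInformationProcess with the ProcessDebugPort information class.

  Returns True only when the query succeeds and the reported port value is
  non-zero. Returns False when no port is reported or when the query fails.

  The answer is advisory: it comes from a user-mode call that a debugger or
  instrumentation layer can intercept, so it should not gate a security
  decision on its own.

  Note: inside this program the name shadows Winapi.Windows.IsDebuggerPresent,
  because Pascal identifiers are case-insensitive.
}
function isDebuggerPresent(): Boolean;
const
  ProcessDebugPort = 7;
  STATUS_SUCCESS   = 0;
var
  hProcess    : THandle;
  // ProcessDebugPort is documented as returning a DWORD_PTR, i.e. a
  // pointer-sized value. A 4-byte DWORD buffer makes the call fail with a
  // length mismatch in a 64-bit build.
  APortNumber : NativeUInt;
  ARetLen     : Cardinal;
begin
  // A Boolean result is not initialised by the compiler. Without this
  // assignment the early exits below returned an undefined value.
  result := False;
  APortNumber := 0;
  ARetLen := 0;

  // GetCurrentProcess yields a pseudo-handle, so no CloseHandle is needed.
  hProcess := GetCurrentProcess();
  if hProcess = 0 then
    Exit();

  ///
  // Size the buffer from the variable so the two can never disagree.
  if NtQueryInformationProcess(hProcess, ProcessDebugPort, @APortNumber,
       SizeOf(APortNumber), @ARetLen) <> STATUS_SUCCESS then
    Exit();

  result := APortNumber <> 0;
end;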
// Program entry point: runs the debug-port check once, prints the outcome to
// the console, then waits for the user to press Return before exiting.
begin
  try
    // The "detected" case is reported by raising an exception, which the
    // handler below prints as "<ClassName>: <Message>".
    if not isDebuggerPresent() then
      WriteLn('No Debugger Detected :)')
    else
      raise Exception.Create('Debugger Detected !');
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;

  // Keep the console window open until the user acknowledges.
  WriteLn('Press a return key to close application.');
  ReadLn;
end.