
Timeouts

Debuggers can put breakpoints in the code, and can therefore stop program execution. A program can detect this by monitoring the system clock. If too much time has elapsed between instructions, it can be determined that the program is being stopped and analyzed (although this is not always the case). If a program is taking too much time, the program can terminate.

Notice that preemptive multithreading systems, such as modern Windows or Linux systems, will switch away from your program to run other programs. If the system has many threads to run, or if some threads are hogging processor time, your program may detect a long delay and may falsely determine that the program is being debugged.

SoftICE is a local kernel debugger, and as such, it can't be detected as easily as a user-mode debugger can be. The IsDebuggerPresent API function will not detect the presence of SoftICE. To detect SoftICE, there are a number of techniques that can be used:

Search for the SoftICE install directory. If SoftICE is installed, the user is probably a hacker or a reverser.

SoftICE uses interrupt 1 to debug, so if interrupt 1 is installed, SoftICE is running.

OllyDbg is a popular 32-bit user-mode debugger.
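The timeout check and its false-positive caveat, as an added example that is not code from the original page: it classifies the delay between consecutive clock checkpoints so that a thread switch is not mistaken for a stopped process. The thresholds, the names `scan_checkpoints` and `gap_report`, and the use of the POSIX monotonic clock are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Assumed thresholds (not from the page): tune per platform and workload. */
#define SCHED_NS 1000000ull     /* >= 1 ms: probably a thread switch */
#define PAUSE_NS 2000000000ull  /* >= 2 s: longer than a plausible scheduling delay */

struct gap_report {
    size_t sched_gaps;   /* delays explained by scheduling noise */
    size_t pause_gaps;   /* delays long enough to suggest a stopped process */
    uint64_t max_gap_ns; /* longest delay between two checkpoints */
};

/* Monotonic clock, so wall-clock adjustments cannot fake or hide a delay. */
static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Classify the delay between each pair of consecutive checkpoints. */
struct gap_report scan_checkpoints(const uint64_t *t, size_t n) {
    struct gap_report r = {0, 0, 0};
    for (size_t i = 1; i < n; i++) {
        /* A timestamp that goes backwards is treated as no delay. */
        uint64_t gap = t[i] > t[i - 1] ? t[i] - t[i - 1] : 0;
        if (gap > r.max_gap_ns) r.max_gap_ns = gap;
        if (gap >= PAUSE_NS) r.pause_gaps++;
        else if (gap >= SCHED_NS) r.sched_gaps++;
    }
    return r;
}

int main(void) {
    uint64_t t[4];
    volatile unsigned sink = 0;
    for (size_t i = 0; i < 4; i++) {   /* checkpoints around short work */
        t[i] = now_ns();
        for (unsigned k = 0; k < 100000; k++) sink += k;
    }
    struct gap_report r = scan_checkpoints(t, 4);
    printf("sched=%zu pause=%zu max=%llu ns\n", r.sched_gaps, r.pause_gaps,
           (unsigned long long)r.max_gap_ns);
    return 0;
}
```

A single low threshold would count both kinds of gap as debugging; even with two thresholds, a heavily loaded system can still produce a multi-second delay, which is the false positive the text warns about.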