Solved

SoftICE protection

Posted on 2001-06-23
7
349 Views
Last Modified: 2010-04-06
Soon I take a program which had protection from hardware debuggers like SoftICE
Have you got an idea how this can be done in Delphi?
0
Comment
Question by:razor111
7 Comments
 
LVL 1

Accepted Solution

by:
Dennis9 earned 200 total points
ID: 6221856
Hi this should detect if Softice is runnig:

//SoftIce in W9x
Function IsSoftIce95Loaded: boolean;
Var hFile: Thandle;
Begin
 result := false;
 hFile := CreateFileA('\.SICE', GENERIC_READ or GENERIC_WRITE,
   FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,
   FILE_ATTRIBUTE_NORMAL, 0);
 if( hFile <> INVALID_HANDLE_VALUE ) then begin
   CloseHandle(hFile);
   result := TRUE;
 end;
End;

// SoftIce in NT OS
Function IsSoftIceNTLoaded: boolean;
Var hFile: Thandle;
Begin
 result := false;
 hFile := CreateFileA('\.NTICE', GENERIC_READ or GENERIC_WRITE,
   FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,
   FILE_ATTRIBUTE_NORMAL, 0);
 if( hFile <> INVALID_HANDLE_VALUE ) then begin
   CloseHandle(hFile);
   result := TRUE;
 end;
End;

//to detect it
if IsSoftIce95Loaded or IsSoftIceNTLoaded then
Application.Terminate
{if you insert a "Nag" (Message telling him he uses SoftIce) then a amatuer cracker w'll find this protection in notime}
//bestway of using this thing is in "project Unit"


Hope it helped

Dennis
0
 
LVL 5

Expert Comment

by:Gwena
ID: 6221918
listening :-)
0
 
LVL 9

Expert Comment

by:ginsonic
ID: 6222902
Me too .
Nick

P.S. I remember that I see on net  a component for this.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Expert Comment

by:WiseGuy
ID: 6223542
listening :-) 2
0
 
LVL 3

Expert Comment

by:smurff
ID: 6224070
Dennis

All the cracker has to do is hex sice.exe and change one byte and thats it.

I remember a API call somewhere called ISDebuggerLoaded in the OS I`ll have a look

regards
Smurff
0
 
LVL 26

Expert Comment

by:Russell Libby
ID: 8685332
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept Dennis9's comment as answer

Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
Thank you,
Russell

EE Cleanup Volunteer
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now