Solved

SoftICE protection

Posted on 2001-06-23
7
346 Views
Last Modified: 2010-04-06
Soon I take a program which had protection from hardware debuggers like SoftICE
Have you got an idea how this can be done in Delphi?
0
Comment
Question by:razor111
7 Comments
 
LVL 1

Accepted Solution

by:
Dennis9 earned 200 total points
Comment Utility
Hi this should detect if Softice is runnig:

//SoftIce in W9x
Function IsSoftIce95Loaded: boolean;
Var hFile: Thandle;
Begin
 result := false;
 hFile := CreateFileA('\.SICE', GENERIC_READ or GENERIC_WRITE,
   FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,
   FILE_ATTRIBUTE_NORMAL, 0);
 if( hFile <> INVALID_HANDLE_VALUE ) then begin
   CloseHandle(hFile);
   result := TRUE;
 end;
End;

// SoftIce in NT OS
Function IsSoftIceNTLoaded: boolean;
Var hFile: Thandle;
Begin
 result := false;
 hFile := CreateFileA('\.NTICE', GENERIC_READ or GENERIC_WRITE,
   FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,
   FILE_ATTRIBUTE_NORMAL, 0);
 if( hFile <> INVALID_HANDLE_VALUE ) then begin
   CloseHandle(hFile);
   result := TRUE;
 end;
End;

//to detect it
if IsSoftIce95Loaded or IsSoftIceNTLoaded then
Application.Terminate
{if you insert a "Nag" (Message telling him he uses SoftIce) then a amatuer cracker w'll find this protection in notime}
//bestway of using this thing is in "project Unit"


Hope it helped

Dennis
0
 
LVL 5

Expert Comment

by:Gwena
Comment Utility
listening :-)
0
 
LVL 9

Expert Comment

by:ginsonic
Comment Utility
Me too .
Nick

P.S. I remember that I see on net  a component for this.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 1

Expert Comment

by:WiseGuy
Comment Utility
listening :-) 2
0
 
LVL 3

Expert Comment

by:smurff
Comment Utility
Dennis

All the cracker has to do is hex sice.exe and change one byte and thats it.

I remember a API call somewhere called ISDebuggerLoaded in the OS I`ll have a look

regards
Smurff
0
 
LVL 26

Expert Comment

by:Russell Libby
Comment Utility
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept Dennis9's comment as answer

Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
Thank you,
Russell

EE Cleanup Volunteer
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now