
Anti-debugger protection

Lately I've seen an increased number of games use anti-debugger protection. This is mostly because a lot of them use the same copy protection. For example, it seems all the Steam games (at least the ones I have tried) have the same anti-debugger protection.

The effect seems to be roughly the same with the various protections. They all seem to crash the game after you place a breakpoint (either hardware or an int-3 breakpoint) inside it.

Now I have actually been too lazy to figure out exactly what's causing this issue. But I have some ideas which I'll have to play with in the future.

However, there is an easy way around the issue: use a kernel debugger that also supports debugging user-mode applications.

I've tried WinDBG, but its kernel debugger requires you to connect two PCs together with a serial cable. I got this working with VMware; however, I got an error trying to attach to a user-mode application. It might still be possible with WinDBG, but I got bored trying to figure out why I was getting errors.

VMware also had an internal remote kernel debugger; however, it doesn't support user-mode application debugging, at least not for a Windows guest OS.

I also tried Syser, and while it can do exactly what I want, I couldn't get it to work with my PC (clean WinXP install with Syser, BSOD whenever Syser activated). Then I played around with it a bit more and found out that it works perfectly inside a VMware guest OS.

So to get around the anti-debugger protection (for now), I ended up using a WinXP guest OS inside a VMware machine with Syser installed. That said, I do hope that Syser fixes support for the newer NVIDIA graphics cards soon so I can debug without the use of VMware.

Posted by: Da_Teach on Friday, January 1, 2010  •  Syser WinDBG Anti-Debugger
