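/*
 * Exported plugin entry point for the ProcessDebugFlags (0x1f) check.
 *
 * Queries the current process through ntdll!NtQueryInformationProcess.
 * iWinVer is not used by this check; it is kept for the exported interface.
 *
 * Returns 1 when the reported flags value is FALSE (treated here as
 * "debugger present"), 0 when it is non-zero, and (DWORD)-1 on any failure;
 * on failure sErrorMessage (file-scope, defined elsewhere) holds the reason.
 */
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer)
{
    typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE, UINT, PVOID, ULONG, PULONG);
    DWORD NoDebugInherit = 0;
    NTSTATUS Status;

    (void)iWinVer;

    /* GetModuleHandle signals failure with NULL, not INVALID_HANDLE_VALUE, so
     * the previous comparison could never fire and a NULL module would have
     * reached GetProcAddress. TEXT() keeps the literal consistent with the
     * GetModuleHandle macro's A/W selection (the sibling checks do the same). */
    HMODULE hNTDLL = GetModuleHandle(TEXT("ntdll.dll"));
    if (hNTDLL == NULL) {
        sErrorMessage = TEXT("Failed to load ntdll");
        return (DWORD)-1;
    }

    pNtQueryInformationProcess NtQIP =
        (pNtQueryInformationProcess)GetProcAddress(hNTDLL, "NtQueryInformationProcess");
    if (NtQIP == NULL) {
        sErrorMessage = TEXT("Failed to load NtQueryInformationProcess");
        return (DWORD)-1;
    }

    /* 0x1f = ProcessDebugFlags; the output is a 4-byte value, so pass the
     * real size rather than a magic 4. */
    Status = NtQIP(GetCurrentProcess(), 0x1f, &NoDebugInherit, sizeof(NoDebugInherit), NULL);
    if (Status != 0) {
        sErrorMessage = TEXT("Error in NtQueryInformationProcess");
        return (DWORD)-1;
    }

    /* FALSE here is the state this check interprets as "debugger attached". */
    return (NoDebugInherit == FALSE) ? 1 : 0;
}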
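/*
 * ProcessDebugPort (0x7) check.
 *
 * Asks ntdll!NtQueryInformationProcess for the debug port of the current
 * process. Returns true when the reported port value is non-zero, false when
 * it is zero or when the query could not be performed (each failure is
 * reported on stdout, matching the style of the sibling checks).
 */
bool CheckProcessDebugPort(void)
{
    /* Much easier in ASM but C/C++ looks so much better */
    typedef int (WINAPI *pNtQueryInformationProcess)(HANDLE, UINT, PVOID, ULONG, PULONG);
    DWORD_PTR DebugPort = 0;   /* pointer-sized: the port is returned as a pointer-width value */
    ULONG ReturnSize = 0;
    int Status;

    /* Resolve NtQueryInformationProcess. Both lookups can fail and return
     * NULL; the original called through the pointer unchecked. */
    HMODULE hNtdll = GetModuleHandle(TEXT("ntdll.dll"));
    if (hNtdll == NULL) {
        printf("GetModuleHandle(ntdll.dll) failed with %lu\n", GetLastError());
        return false;
    }
    pNtQueryInformationProcess NtQIP =
        (pNtQueryInformationProcess)GetProcAddress(hNtdll, "NtQueryInformationProcess");
    if (NtQIP == NULL) {
        printf("GetProcAddress(NtQueryInformationProcess) failed with %lu\n", GetLastError());
        return false;
    }

    Status = NtQIP(GetCurrentProcess(),
                   0x7, /* ProcessDebugPort */
                   &DebugPort,
                   sizeof(DebugPort),
                   &ReturnSize);
    if (Status != 0) {
        /* %X needs an unsigned argument and ULONG is unsigned long on Windows. */
        printf("NtQueryInformationProcess failed with %X, %lu\n", (unsigned)Status, ReturnSize);
        return false;
    }

    return DebugPort != 0;
}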
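/*
 * ProcessDebugFlags (0x1f) check.
 *
 * Asks ntdll!NtQueryInformationProcess for the debug flags of the current
 * process. Returns true when the reported value is FALSE (the state this
 * check treats as "debugger attached"), false when it is non-zero or when
 * the query could not be performed (failures are reported on stdout).
 */
bool CheckProcessDebugFlags(void)
{
    /* Much easier in ASM but C/C++ looks so much better */
    typedef int (WINAPI *pNtQueryInformationProcess)(HANDLE, UINT, PVOID, ULONG, PULONG);
    DWORD NoDebugInherit = 0;
    int Status;

    /* Resolve NtQueryInformationProcess; both lookups may return NULL and the
     * original would then have called through a NULL function pointer. */
    HMODULE hNtdll = GetModuleHandle(TEXT("ntdll.dll"));
    if (hNtdll == NULL) {
        printf("GetModuleHandle(ntdll.dll) failed with %lu\n", GetLastError());
        return false;
    }
    pNtQueryInformationProcess NtQIP =
        (pNtQueryInformationProcess)GetProcAddress(hNtdll, "NtQueryInformationProcess");
    if (NtQIP == NULL) {
        printf("GetProcAddress(NtQueryInformationProcess) failed with %lu\n", GetLastError());
        return false;
    }

    Status = NtQIP(GetCurrentProcess(),
                   0x1f, /* ProcessDebugFlags */
                   &NoDebugInherit,
                   sizeof(NoDebugInherit),
                   NULL);
    if (Status != 0) {
        /* %X requires an unsigned argument. */
        printf("NtQueryInformationProcess failed with %X\n", (unsigned)Status);
        return false;
    }

    return NoDebugInherit == FALSE;
}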
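/*
 * ProcessDebugObjectHandle (30) check.
 *
 * Asks ntdll!NtQueryInformationProcess for the debug object handle of the
 * current process. Returns true when a non-zero handle is returned (the
 * handle is closed again so it is not leaked), false when no handle is
 * returned or when the query could not be performed. STATUS_PORT_NOT_SET
 * (0xC0000353) is the expected status when no debug object exists, so it
 * is not reported as an error.
 */
bool CheckProcessDebugObjectHandle(void)
{
    /* Much easier in ASM but C/C++ looks so much better */
    typedef int (WINAPI *pNtQueryInformationProcess)(HANDLE, UINT, PVOID, ULONG, PULONG);
    DWORD_PTR DebugHandle = 0;   /* pointer-sized: receives a HANDLE */
    int Status;
    ULONG ReturnSize = 0;

    /* Resolve NtQueryInformationProcess; both lookups may return NULL and the
     * original would then have called through a NULL function pointer. */
    HMODULE hNtdll = GetModuleHandle(TEXT("ntdll.dll"));
    if (hNtdll == NULL) {
        printf("GetModuleHandle(ntdll.dll) failed with %lu\n", GetLastError());
        return false;
    }
    pNtQueryInformationProcess NtQIP =
        (pNtQueryInformationProcess)GetProcAddress(hNtdll, "NtQueryInformationProcess");
    if (NtQIP == NULL) {
        printf("GetProcAddress(NtQueryInformationProcess) failed with %lu\n", GetLastError());
        return false;
    }

    Status = NtQIP(GetCurrentProcess(),
                   30, /* ProcessDebugObjectHandle */
                   &DebugHandle,
                   sizeof(DebugHandle),
                   &ReturnSize);
    if (Status != 0) {
        /* Compare as unsigned: 0xC0000353 does not fit in a signed int. */
        if ((unsigned)Status != 0xC0000353u) { /* STATUS_PORT_NOT_SET */
            printf("NtQueryInformationProcess failed with %X, %lu\n", (unsigned)Status, ReturnSize);
        }
        return false;
    }

    if (DebugHandle == 0) {
        return false;
    }

    /* The returned handle is owned by this process; release it so the check
     * does not leak one handle per call. */
    CloseHandle((HANDLE)DebugHandle);
    return true;
}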