debugger

hello,

I was curious to know how Vista handles debuggers and the INT3 interrupt.

So in 2k/XP it was easy to hook into that interrupt to stop a debugger
attachment. I believe that is not the case for Vista. Can someone explain
to me why that wouldn’t work (no, I am not interested in hacking Vista, just
curious to know).

Thanks

B

Trying to stop a debugger from being used on a system where the user is admin (or admin-equivalent, e.g. physical access) is never going to succeed and will only discourage users from running your code, period.

The breakpoint and debug exception int handlers are typically used, however. These get turned into DebugObject or ALPC notifications which make their way to the debugger’s WaitForDebugEvent call.

- S

From: Bedanto
Sent: Tuesday, November 18, 2008 00:39
To: Windows System Software Devs Interest List
Subject: [ntdev] debugger
