Stopping debugger attachments

Stopping debugger attachments

Menu > Link > Program Security > Anti-debugger

clip0528

Crash on Windows debugger attach

This option will cause your program to crash if a debugger is attached when your application starts running. Thinstall will also check for a debugger attachment while your application runs. If a debugger is attached, your program will crash immediately. This option will not detect kernel-level debuggers such as SoftIce (see options below).

Compatibility: This option is safe to enable for almost all applications. In some cases rare cases programs may be specifically designed to run under the operation of a debugger and this option cannot be used. Known cases where application must run under a debugger include:

·	Applications that use a debugger process to catch page faults and application crashes

·	Applications that already have some copy protection mecanisms built-in

Crash on SoftIce Running

This option will cause your program to crash if SoftIce is running on the end user's system, either when your application starts up or later as your program runs.

Compatibility: Depending on the type of application you are developing, the end user might have a valid reason for having SoftIce running. It has become more and more common for applications to detect softice and refuse to run while it is present. You may want to consider also enabling the option "Warn on SoftIce" installed if this option is enabled to reduce the number of technical support queries you might receive from your application crashing unexpected. The majority of SoftIce use is for cracking, however it is also used legitimately by low-level software developers such as device driver authors.

Warn on SoftIce Running

This look at the system registry to see if SoftIce has been installed and display a warning message to the user if it has been installed. The warning will occur wether or not SoftIce is running. See details below on how to change the messages displayed when this warning occurs.

Compatibility: This option does not effect the behavior of your program, it simply displays a warning message box when the program starts up.

Warn on SoftIce Installed

Before your program starts running, Thinstall will detect if SoftIce is running or not. If SoftIce is running, Thinstall will display a Message box stating the program will not run while SoftIce is loaded and then quit. This option will not check for SoftIce beyond program startup. To continuously check for SoftIce, you should also enable the option "Crash on SoftIce Running". See details below on how to change the messages displayed when this warning occurs.

Compatibility: See "Crash on SoftIce Running" for compatibility issues.

Prevent debugger attach using parent (not recommended)

This option causes your program to run with a parent process which starts a second process as the debug client. Because the client already has a debugger attached, traditional debuggers such as Microsoft Visual Studio will not be able to attach to the process. The parent process limits all operations to reduce memory requirements and to limit security risk.

Disadvantages:

·	2 processes will appear in the task list. One of the processes cannot be killed with Ctrl-alt-delete, instead the user will see a message stating the process is being debugged.

·	Additional memory is required by system because 2 processes are running. This memory size is around 2MB.

·	There are some compatibility issues that you need to watch out for

Compatibility: This option is the most likely to lead to problems. Programs that spawn multiple processes or are referenced by other processes using a Process-ID may have compatibility issues. If your program experiences any odd behavior, this option should not be enabled. In general this option should not be selected for .NET Applications.

Hide .NET Performance Data & debug

Visual Studio 2003 and 2005 do not attach directly to a process to debug them, instead they use shared memory blocks to communicate with the .NET Framework running inside of your process. This option makes .NET global memory objects invisible to other processes, so application such as process explorer will not recognize your application as .NET and external .NET debuggers such as Visual Studio will not be able to debug your application without first attaching to it. When "Crash on Windows debugger attached" is also enabled, this will prevent debugging of .NET applications.

Customizing Warning Messages

You can customize warning message displayed by editing your language & configuration file. This file also allows you to display warning messages in the user's local language (English, Spanish, Italian, etc). The following entries relate to warning messages:

security:softice_installed_title "WARNING: Possible incompatibility issue detected"
security:softice_installed_msg "Softice has been installed on this computer\nThis program mail become unstable or fail to function properly when Softice is running"
security:softice_running_title "WARNING: Compatibility issue detected"
security:softice_running_msg "Softice is currently running on this computer\nThis application is incompatible with softice.\nPlease unload softice and reboot"