Comments on: Detecting user-mode debuggers under Windows https://grey-panther.net/2009/01/detecting-user-mode-debuggers-under-windows.html Just another WordPress site Fri, 07 Aug 2009 06:08:13 +0000 hourly 1 https://wordpress.org/?v=6.9 By: Cd-MaN https://grey-panther.net/2009/01/detecting-user-mode-debuggers-under-windows.html#comment-301 Fri, 07 Aug 2009 06:08:13 +0000 https://grey-panther.net/?p=488#comment-301 @Anonymous: if I recall correctly I've done the test with Delphi 7 under Windows XP SP2. Maybe Visual C initializes the heap allocator in a different way.

PS. I just tried this with MSVC 2008 under Windows 7, and it always seems to overwrite the freed region (tried it with malloc/free and HeapAlloc/HeapFree with GetProcessHeap and HeapCreate). Maybe it is a new protection scheme introduced in Vista/7. Also, it is possible that the behavior changes depending on the allocation size/pattern.

]]> By: Anonymous https://grey-panther.net/2009/01/detecting-user-mode-debuggers-under-windows.html#comment-303 Fri, 07 Aug 2009 05:34:50 +0000 https://grey-panther.net/?p=488#comment-303 Whether a debugger is attached or not, the freed memory is modified. Tested with MSCV 2005 SP1/SDK 6.1.

]]>