See more: C++ Windows ASM
Hi,
 
We have our application which is written in C++. At some places we check if any debugger is attached to the application by the following code:

    char IsDbgPresent = 0;
    __asm {
        mov eax, fs:[30h]        ; address of the PEB (32-bit TEB offset 30h)
        mov al, [eax + 2h]       ; PEB.BeingDebugged
        mov IsDbgPresent, al
    }

    if (IsDbgPresent)
    {
        MessageBox(NULL, TEXT("Debugger Found!"), TEXT("Debugger Found!"), 0);
        return true;
        ExitProcess(1);          // never reached: it follows the return
    }

When I tried to use the same code for the 64-bit version, I found that __asm is no longer supported for 64-bit. I am aware that I can use IsDebuggerPresent instead of the above code.

Can anybody let me know if we can translate the above code to C/C++?
 
Thanks in advance.
Posted 21-Feb-13 1:14am

Solution 2

You're correct. Inline assembler is not supported by Microsoft's 64-bit compilers and there is no direct equivalent in C or C++ for the inline assembler you show, partly because there is no way to address the FS register even indirectly from C/C++ code. You can use MASM with a separate assembler source file and link the result.
There is one way to solve this which I am currently working on, and that is to use a Just In Time (JIT) assembler to generate callable assembly language code at runtime. Such a JIT is available for free at the AsmJit project and soon within the QOR, but it is a large amount of code to include within your project for the sake of 1 function.
Comments
Sergey Alexandrovich Kryukov at 22-Feb-13 0:04am
   
I did not know that because I did not try it since I have 64-bit systems. It's a shame I think. My 5.
—SA

Solution 3

Did you try Intrinsics?

Something like this could work:

    #include <intrin.h>
    unsigned long tmp = __readfsdword(0x30);   // x86: FS:[30h] holds the PEB address
    IsDbgPresent = *((char *)(tmp + 0x2));     // PEB+2 is the BeingDebugged byte

I'm not sure if the offsets would change for 64-bit code; I tried to search but couldn't find any info on that.
Comments
Matthew Faithfull at 22-Feb-13 4:32am
   
Good call, I'd forgotten all about __readfsdword
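
The 64-bit counterpart of the snippet in Solution 3, as an added example that is not part of the original thread: on x64 Windows the TEB is reached through GS rather than FS, the PEB pointer sits at offset 60h, and BeingDebugged stays at PEB+2. The helper names and the sample buffers are assumptions made for this example.

```cpp
// Added example, not code from the thread. Assumes MSVC targeting x86 or x64;
// on any other toolchain current_peb() returns nullptr.
#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_X64))
#include <intrin.h>
#endif
#include <cstdint>

#if defined(_M_X64)
const unsigned long kTebPebOffset = 0x60;   // x64: TEB via GS, PEB pointer at +60h
#else
const unsigned long kTebPebOffset = 0x30;   // x86: TEB via FS, PEB pointer at +30h
#endif
const unsigned long kPebBeingDebugged = 0x02;  // same offset on x86 and x64

// Constructed sample PEB prefixes (not real process memory), used for testing.
const unsigned char kSamplePebClean[4]    = {0, 0, 0, 0};
const unsigned char kSamplePebDebugged[4] = {0, 0, 1, 0};

// Address of the current process's PEB, or nullptr when not MSVC x86/x64.
inline const unsigned char* current_peb() {
#if defined(_MSC_VER) && defined(_M_X64)
    return reinterpret_cast<const unsigned char*>(__readgsqword(kTebPebOffset));
#elif defined(_MSC_VER) && defined(_M_IX86)
    return reinterpret_cast<const unsigned char*>(
        static_cast<std::uintptr_t>(__readfsdword(kTebPebOffset)));
#else
    return nullptr;
#endif
}

// Reads the BeingDebugged byte from a PEB image.
inline bool peb_being_debugged(const unsigned char* peb) {
    return peb != nullptr && peb[kPebBeingDebugged] != 0;
}

// 1 = flag set, 0 = flag clear, -1 = PEB not reachable in this build.
inline int debugger_flag() {
    const unsigned char* peb = current_peb();
    if (peb == nullptr) return -1;
    return peb_being_debugged(peb) ? 1 : 0;
}
```

IsDebuggerPresent() returns this same PEB byte, so the documented API gives the same answer on both architectures.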

Solution 1

The 32-bit registers are extended with 'r' registers, so 64-bit extensions of EAX, EBX, ECX, ESP are named RAX, RBX, RCX, RSP, etc. Please see:
http://en.wikipedia.org/wiki/X86-64,
http://forum.codecall.net/topic/52853-x86-64-register-chart/.
 
—SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 22 Feb 2013