Click here to Skip to main content
12,948,566 members (63,402 online)
Rate this:
 
Please Sign up or sign in to vote.
See more:
Hi,

We have our application which is written in C++. At some places we check if any debugger is attached to the application by following code

char IsDbgPresent = 0;
__asm {
mov eax, fs:[30h]
mov al, [eax + 2h]
mov IsDbgPresent, al
}
 
if(IsDbgPresent)
{
 MessageBox(NULL, TEXT("Debugger Found!"), TEXT("Debugger Found!"), 0);
return true;
ExitProcess(1);
} 


When i tried to use the same code for 64 bit version, I found that __asm is no longer supported for 64 bit . I am aware that i can use IsDebuggerPresent instead of above code.

Can anybody let me know if we can translate above code to C/C++.

Thanks in advance.
Posted 21-Feb-13 0:14am
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 2

You're correct. Inline assembler is not supported by Microsoft's 64bit compilers and there is no direct equivalent in C or C++ for the inline assembler you show. Partly because there is no way to address the FS register even indirectly from C/C++ code. You can use MASM with a separate assembler source file and link the result.
There is one way to solve this which I am currently working on and that is to use a Just In Time (JIT) assembler to generate callable assembly language code at runtime. Such a JIT is available for free at the AsmJit[^] project and soon within the QOR[^] but it is a large ammount of code to inlclude within your project for the sake of 1 function.
  Permalink  
Comments
   
I did not know that because I did not try it since I have 64-bit systems. It's a shame I think. My 5.
—SA
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 3

Did you try Intrinsics[^]?

Something like this could work:
unsigned long tmp = __readfsdword(0x30);
IsDbgPresent = *((char *)(tmp + 0x2));


I'm not sure if the offsets would change for 64 bit code, I tried to search but couldn't find any info on that.
  Permalink  
Comments
Matthew Faithfull 22-Feb-13 4:32am
   
Good call, Id'd forgetten all about __readfsdword
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

The 32-bit registers are extended with 'r' registers, so 64-bit extensions of EAX, EBX, ECX, ESP are named RAX, RBX, RCX, RSP, etc. Please see:
http://en.wikipedia.org/wiki/X86-64[^],
http://forum.codecall.net/topic/52853-x86-64-register-chart/[^].

—SA
  Permalink  
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

    Print Answers RSS
Top Experts
Last 24hrsThis month
OriginalGriff 5,419
CHill60 3,275
Maciej Los 2,778
Jochen Arndt 1,935
ppolymorphe 1,795


Advertise | Privacy | Mobile
Web01 | 2.8.170524.1 | Last Updated 22 Feb 2013
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100