Click here to Skip to main content
14,933,813 members
Please Sign up or sign in to vote.
3.50/5 (2 votes)
See more:
Hi,

We have our application which is written in C++. At some places we check if any debugger is attached to the application by following code

C++
char IsDbgPresent = 0;
__asm {
mov eax, fs:[30h]
mov al, [eax + 2h]
mov IsDbgPresent, al
}

if(IsDbgPresent)
{
 MessageBox(NULL, TEXT("Debugger Found!"), TEXT("Debugger Found!"), 0);
return true;
ExitProcess(1);
} 


When i tried to use the same code for 64 bit version, I found that __asm is no longer supported for 64 bit . I am aware that i can use IsDebuggerPresent instead of above code.

Can anybody let me know if we can translate above code to C/C++.

Thanks in advance.
Posted

You're correct. Inline assembler is not supported by Microsoft's 64bit compilers and there is no direct equivalent in C or C++ for the inline assembler you show. Partly because there is no way to address the FS register even indirectly from C/C++ code. You can use MASM with a separate assembler source file and link the result.
There is one way to solve this which I am currently working on and that is to use a Just In Time (JIT) assembler to generate callable assembly language code at runtime. Such a JIT is available for free at the AsmJit[^] project and soon within the QOR[^] but it is a large ammount of code to inlclude within your project for the sake of 1 function.
   
Comments
   
I did not know that because I did not try it since I have 64-bit systems. It's a shame I think. My 5.
—SA
Did you try Intrinsics[^]?

Something like this could work:
C++
unsigned long tmp = __readfsdword(0x30);
IsDbgPresent = *((char *)(tmp + 0x2));


I'm not sure if the offsets would change for 64 bit code, I tried to search but couldn't find any info on that.
   
Comments
Matthew Faithfull 22-Feb-13 4:32am
   
Good call, Id'd forgetten all about __readfsdword
The 32-bit registers are extended with 'r' registers, so 64-bit extensions of EAX, EBX, ECX, ESP are named RAX, RBX, RCX, RSP, etc. Please see:
http://en.wikipedia.org/wiki/X86-64[^],
http://forum.codecall.net/topic/52853-x86-64-register-chart/[^].

—SA
   
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900