hi ,
I wrote a filter driver that will hook processing functions ,I want to detect that Which process runs in debug mode at runtime ?
I first got the Peb structure address and then got a field value BeingDebug , This field has the wrong number ,
Please tell me how can I detect that a debugger executes the process? thanks ,
I wrote a filter driver that will hook processing functions ,I want to detect that Which process runs in debug mode at runtime ?
I first got the Peb structure address and then got a field value BeingDebug , This field has the wrong number ,
Please tell me how can I detect that a debugger executes the process? thanks ,
