kvk1989

Sniffer tool detection function


Hi, 

I'm making a program and I want to add some sniffer tool detection function 

Like http debugger, ollydbg, x64dbg

If detect these tools then program can force stop services 

Thanks !!


Do you already have an idea how to do it?

Or are you asking that we code it for you?

 

6 hours ago, kvk1989 said:

I want to add some sniffer tool detection function

Meaning what, exactly?  Are you trying to detect when specific tools are installed on the machine your app is running on?  If so, then do those tools even provide any means of detecting their installations?  Do they create Registry keys for themselves?  Do they create file system folders in predictable locations?  Do you know how to detect these tools manually, before you code any logic for them?

6 hours ago, kvk1989 said:

Like http debugger

Is that a SPECIFIC tool?  Because more than one HTTP debugger exists in the world.

6 hours ago, kvk1989 said:

If detect these tools then program can force stop services

What does detecting tools have to do with stopping services?  Why can't you just stop the services without the tools?

 

Please explain in more detail EXACTLY what you are trying to accomplish.

8 hours ago, FPiette said:

Do you already have an idea how to do it?

Or are you asking that we code it for you?

 

I don't have any idea. I'm asking for code.

Quote

I don't have any idea. I'm asking for code.

Then your request can't be satisfied because you don't provide any detail. There is no API that I am aware of that is generic across the kind of tools you ask about. Please read @Remy Lebeau's answer again because it contains interesting hints.


My crystal ball says he just wants to prevent users from examining his app's traffic.

Use SSL with hostname verification and forget about sniffers.

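// Returns True if a top-level window with one of the listed window class
// names exists (FindWindow's first argument is the class name).
function Find_Debugger_Window(): Boolean;
var
  whWnd: HWND; // FindWindow returns HWND, which is pointer-sized on Win64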
begin
  result := True;
  //ollydbg v1.1
  whWnd := FindWindow('icu_dbg', nil);
  if whWnd <> 0 then Exit;
  //ollyice pe--diy
  whWnd := FindWindow('pe--diy', nil);
  if whWnd <> 0 then Exit;
  //ollydbg
  whWnd := FindWindow('ollydbg', nil);
  if whWnd <> 0 then Exit;
  //windbg
  whWnd := FindWindow('WinDbgFrameClass', nil);
  if whWnd <> 0 then Exit;
  //dede3.50
  whWnd := FindWindow('TDeDeMainForm', nil);
  if whWnd <> 0 then Exit;
  //IDA5.20
  whWnd := FindWindow('TIdaWindow', nil);
  if whWnd <> 0 then Exit;
  result := False;
end;

You can add more captions if you use Spy++ to obtain the caption of tools you want to check for.

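
Building on the class-name check in the post above, this added example (not part of the original post) puts the posted class names in a table and goes one step further by asking Windows whether a debugger is attached to the current process, which does not depend on any window name. It assumes Delphi XE2 or later; the program and function names are made up for the example, and `IsDebuggerPresent` and `CheckRemoteDebuggerPresent` are the documented kernel32 functions, declared locally.

```delphi
program DebuggerCheckDemo; // added example; names here are illustrative
{$APPTYPE CONSOLE}

uses
  Winapi.Windows; // Delphi XE2+ unit name; older versions use "Windows"

// Documented kernel32 functions, declared locally so the example does not
// depend on which RTL version exposes them.
function IsDebuggerPresent: BOOL; stdcall;
  external 'kernel32.dll' name 'IsDebuggerPresent';
function CheckRemoteDebuggerPresent(hProcess: THandle;
  var DebuggerPresent: BOOL): BOOL; stdcall;
  external 'kernel32.dll' name 'CheckRemoteDebuggerPresent';

const
  // Window class names copied from the post above.
  ToolClasses: array[0..5] of string = ('icu_dbg', 'pe--diy', 'ollydbg',
    'WinDbgFrameClass', 'TDeDeMainForm', 'TIdaWindow');

// Returns the first listed class that has a top-level window open, or ''.
// A hit only means the tool is running somewhere on the desktop.
function OpenToolWindowClass: string;
var
  I: Integer;
begin
  Result := '';
  for I := Low(ToolClasses) to High(ToolClasses) do
    if FindWindow(PChar(ToolClasses[I]), nil) <> 0 then
      Exit(ToolClasses[I]);
end;

// True when a user-mode debugger is attached to this process, regardless
// of what its window class is called.
function DebuggerAttachedToSelf: Boolean;
var
  Remote: BOOL;
begin
  Remote := False;
  Result := IsDebuggerPresent;
  if Result then Exit;
  if CheckRemoteDebuggerPresent(GetCurrentProcess, Remote) then
    Result := Remote;
end;

begin
  Writeln('Listed tool window class found: "', OpenToolWindowClass, '"');
  Writeln('Debugger attached to this process: ', DebuggerAttachedToSelf);
end.
```

Neither check sees an HTTP proxy or packet capture, so for protecting traffic the TLS with hostname verification advice earlier in the thread still applies.
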
On 4/18/2022 at 7:17 PM, dwrbudr said:

function Find_Debugger_Window(): Boolean;
var
  whWnd: HWND; // FindWindow returns HWND, which is pointer-sized on Win64
begin
  result := True;
  //ollydbg v1.1
  whWnd := FindWindow('icu_dbg', nil);
  if whWnd <> 0 then Exit;
  //ollyice pe--diy
  whWnd := FindWindow('pe--diy', nil);
  if whWnd <> 0 then Exit;
  //ollydbg
  whWnd := FindWindow('ollydbg', nil);
  if whWnd <> 0 then Exit;
  //windbg
  whWnd := FindWindow('WinDbgFrameClass', nil);
  if whWnd <> 0 then Exit;
  //dede3.50
  whWnd := FindWindow('TDeDeMainForm', nil);
  if whWnd <> 0 then Exit;
  //IDA5.20
  whWnd := FindWindow('TIdaWindow', nil);
  if whWnd <> 0 then Exit;
  result := False;
end;

You can add more captions if you use Spy++ to obtain the caption of tools you want to check for.

Ohh great, thanks for this 🙂
