Function deny_attach 

pub fn deny_attach() -> Result<(), Error>

Attempts to prevent debuggers from attaching to the current process.

This function performs platform-specific operations to prevent debuggers from attaching to the current process.

§Platform-specific Behavior

  • Windows/Linux/Android: These platforms offer no way to prevent a debugger from attaching in the future. The function only checks whether a debugger is currently attached, using is_debugger_present, and returns an error if one is detected.
  • macOS: Uses ptrace with the PT_DENY_ATTACH flag.
  • Other platforms: Compilation error.

§Return Value

  • Returns Ok(()) if:
    • On Windows/Linux/Android: No debugger is currently attached.
    • On macOS: The ptrace(PT_DENY_ATTACH) call succeeded.
  • Returns Err(std::io::Error) if:
    • On Windows/Linux/Android: A debugger is currently attached.
    • On macOS: The ptrace system call failed.
    • Any platform-specific system call fails.

§Examples

if let Err(e) = anti_debug::deny_attach() {
    println!("Debugger protection failed: {}", e);
}

§Notes

  • This detection can be bypassed by skilled attackers using advanced anti-anti-debugging techniques.
  • Some debuggers may not be detected, depending on their attachment method.
  • On Windows/Linux/Android, this is a detection-based approach, i.e. passive detection.
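
The passive check on Linux is a point-in-time result, which the following added example illustrates (it is not the crate's code, and it does not claim to show how is_debugger_present is implemented). It assumes the common Linux technique of reading the TracerPid field from /proc/self/status; the names tracer_pid and check_not_traced and the two sample snapshots are constructed for illustration.

```rust
use std::io::{Error, ErrorKind};

/// Extracts the `TracerPid` field from the text of /proc/<pid>/status.
/// Returns None when the field is missing or is not a number.
fn tracer_pid(status: &str) -> Option<u32> {
    status
        .lines()
        .find_map(|line| line.strip_prefix("TracerPid:"))
        .and_then(|value| value.trim().parse().ok())
}

/// Hypothetical helper mirroring the documented contract: Ok(()) when no
/// tracer is attached, Err when one is or when the field cannot be read.
fn check_not_traced(status: &str) -> Result<(), Error> {
    match tracer_pid(status) {
        Some(0) => Ok(()),
        Some(pid) => Err(Error::new(
            ErrorKind::PermissionDenied,
            format!("process is being traced by pid {}", pid),
        )),
        None => Err(Error::new(ErrorKind::InvalidData, "TracerPid not found")),
    }
}

// Constructed sample input: the same process before and after a tracer attaches.
const STATUS_AT_STARTUP: &str =
    "Name:\tapp\nState:\tS (sleeping)\nPid:\t4242\nTracerPid:\t0\nUid:\t1000\t1000\t1000\t1000\n";
const STATUS_LATER: &str =
    "Name:\tapp\nState:\tt (tracing stop)\nPid:\t4242\nTracerPid:\t4310\nUid:\t1000\t1000\t1000\t1000\n";

fn main() {
    // The startup check passes, yet a later snapshot of the same process shows a tracer.
    println!("startup: {:?}", check_not_traced(STATUS_AT_STARTUP));
    println!("later:   {:?}", check_not_traced(STATUS_LATER));
    // On a real Linux system, evaluate the live value instead of the samples.
    if let Ok(live) = std::fs::read_to_string("/proc/self/status") {
        println!("live:    {:?}", check_not_traced(&live));
    }
}
```

A single successful check at startup therefore says nothing about attachment afterwards; callers that rely on the result need to repeat the check at the points where it matters.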

Examples found in repository
examples/ci_deny_attach.rs (line 4)
fn main() {
    let enable = std::env::var("ANTI_DEBUG").is_ok();
    if enable {
        anti_debug::deny_attach().unwrap();
    }
}