Function is_debugger_present

Source

pub fn is_debugger_present() -> Result<bool, Error>

Expand description

Checks if a debugger is currently attached to the process.

This function performs platform-specific checks to detect whether a debugger is actively attached to the current process.

§Platform-specific Behavior

Windows: Uses IsDebuggerPresent. When the deep-detect feature is enabled, additionally checks CheckRemoteDebuggerPresent and NtQueryInformationProcess.
Linux/Android: Checks the TracerPid field in /proc/self/status.
macOS: Uses proc_pidinfo to retrieve proc_bsdinfo and checks the pbi_flags field.
Other platforms: Compilation error.

§Return Value

Returns Ok(true) if a debugger is detected, Ok(false) if no debugger is present, or Err(std::io::Error) if the check could not be performed due to a system error.

§Examples

match anti_debug::is_debugger_present() {
    Ok(true) => println!("Debugger detected!"),
    Ok(false) => println!("No debugger present"),
    Err(e) => println!("Error checking for debugger: {}", e),
}

§Notes

This detection can be bypassed by skilled attackers using advanced anti-anti-debugging techniques
Some debuggers may not be detected depending on their attachment method
The check is performed at the moment the function is called and may not reflect subsequent attachment/detachment of debuggers

Examples found in repository ?

examples/ci_anti_debug.rs (line 3)

1fn main() {
2    let enable = std::env::var("ANTI_DEBUG").is_ok();
3    if enable && anti_debug::is_debugger_present().unwrap_or(false) {
4        panic!("debugger detected");
5    }
6}

is_debugger_present

Function is_debugger_present Copy item path