wraith/manipulation/antidebug/
mod.rs1mod heap_flags;
7mod peb_flags;
8mod thread_hide;
9
10pub use heap_flags::{check_heap_flags, clear_heap_flags};
11pub use peb_flags::{
12 check_being_debugged, check_nt_global_flag, clear_being_debugged, clear_nt_global_flag,
13 full_peb_cleanup,
14};
15pub use thread_hide::{get_hidden_threads, hide_current_thread, hide_thread, is_thread_hidden};
16
17use crate::error::Result;
18
/// Runs the module's PEB cleanup and then its heap-flag cleanup.
///
/// The steps run in a fixed order: [`full_peb_cleanup`] first, then
/// [`clear_heap_flags`]. The thread-hiding helpers re-exported by this module
/// are not invoked here.
///
/// # Errors
///
/// Returns the first error reported by either step. The routine is not
/// transactional: if [`clear_heap_flags`] fails, whatever
/// [`full_peb_cleanup`] already changed is left in place, so a caller that
/// sees `Err` must assume a partially modified process.
pub fn full_cleanup() -> Result<()> {
    // PEB-side indicators are handled before the heap-side ones; a failure in
    // the first step means the second is never attempted.
    full_peb_cleanup()?;
    clear_heap_flags()?;
    Ok(())
}
30
/// Reports whether any of the three debugger indicators is currently set.
///
/// The checks run in the order [`check_being_debugged`],
/// [`check_nt_global_flag`], [`check_heap_flags`], and evaluation stops at the
/// first one that returns `true`; later checks are not executed in that case.
/// Use [`get_debug_status`] when the state of every indicator is needed.
///
/// `Ok(false)` only means that none of these three indicators is set. The
/// same module exports functions that clear them, so a negative answer is not
/// evidence that no debugger is attached.
///
/// # Errors
///
/// Propagates the error of the first check that fails. Checks after it are
/// not run.
pub fn is_debugger_present() -> Result<bool> {
    // `||` short-circuits, so each `?` is only reached when every earlier
    // check succeeded and returned `false`.
    Ok(check_being_debugged()? || check_nt_global_flag()? || check_heap_flags()?)
}
50
/// Snapshot of the three debugger indicators this module inspects.
///
/// Each field holds the boolean result of one indicator check; `true` is
/// rendered as `YES` by the [`Display`](std::fmt::Display) implementation.
/// The values are a point-in-time copy and are not refreshed after
/// construction.
#[derive(Debug, Clone)]
pub struct DebugStatus {
    /// Result of the `BeingDebugged` check.
    pub being_debugged: bool,
    /// Result of the `NtGlobalFlag` check.
    pub nt_global_flag: bool,
    /// Result of the heap-flags check.
    pub heap_flags: bool,
}

impl DebugStatus {
    /// Returns `true` when at least one of the three indicators is set.
    pub fn any_detected(&self) -> bool {
        [self.being_debugged, self.nt_global_flag, self.heap_flags].contains(&true)
    }
}

impl std::fmt::Display for DebugStatus {
    /// Writes a four-line report: a `Debug Status:` header followed by one
    /// line per indicator, each ending in `YES` or `no`.
    ///
    /// Every line, including the last, is newline-terminated, so printing the
    /// value with `println!` produces a trailing blank line.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Upper-case only the positive case so a set indicator stands out.
        let mark = |set: bool| if set { "YES" } else { "no" };

        writeln!(f, "Debug Status:")?;
        writeln!(f, " BeingDebugged: {}", mark(self.being_debugged))?;
        writeln!(f, " NtGlobalFlag: {}", mark(self.nt_global_flag))?;
        writeln!(f, " HeapFlags: {}", mark(self.heap_flags))
    }
}
86
/// Runs all three indicator checks and returns their results together.
///
/// Unlike [`is_debugger_present`], this does not stop at the first positive
/// result: [`check_being_debugged`], [`check_nt_global_flag`] and
/// [`check_heap_flags`] are each called once, in that order. The three reads
/// are separate calls, so the snapshot is not taken atomically.
///
/// # Errors
///
/// Propagates the error of the first check that fails. No partial
/// [`DebugStatus`] is returned.
pub fn get_debug_status() -> Result<DebugStatus> {
    let being_debugged = check_being_debugged()?;
    let nt_global_flag = check_nt_global_flag()?;
    let heap_flags = check_heap_flags()?;

    Ok(DebugStatus {
        being_debugged,
        nt_global_flag,
        heap_flags,
    })
}