Anti Debug Protection

Martin Karing edited this page Nov 23, 2019 · 3 revisions

ID: anti debug
Preset: Minimum
Availability: ConfuserEx, ConfuserEx 2

This protection prevents the assembly from being debugged or profiled.

Parameters

  • mode: This parameter defines which anti-debug engine is used. Supported values are:
    • safe: ConfuserEx detects a debugger/profiler using managed APIs (default)
    • win32: ConfuserEx detects a debugger/profiler using the unmanaged WinAPI (incompatible with operating systems other than Windows)
    • antinet: ConfuserEx detects a debugger/profiler using antinet by @0xd4d (produces unverifiable modules, incompatible with Mono)

Example

<protection id="anti debug">
  <argument name="mode" value="win32" />
</protection>

Remarks

It is generally only useful to apply this protection to the main assembly of an application. It can be applied to all assemblies, but this may add some CPU load to the application, as the protection code maintains a dedicated thread to monitor for a debugger. If the protection is applied to multiple assemblies, there will be as many monitoring threads.
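To make the cost described above concrete, here is an added sketch of what a managed-API check on a dedicated monitoring thread can look like. It is not ConfuserEx's injected runtime code; the names DebuggerWatchdog, Start, DebuggerPresent and ProfilerRequested, the polling interval and the choice of checks are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Threading;

// Illustrative sketch only: NOT the code ConfuserEx injects.
static class DebuggerWatchdog // hypothetical name
{
    // Start once per process, e.g. from the main assembly's entry point.
    public static void Start(TimeSpan interval)
    {
        // The CLR reads the profiler variables at process start,
        // so they are checked once, before the polling loop.
        if (ProfilerRequested())
            Environment.FailFast("Profiler detected.");

        var monitor = new Thread(() =>
        {
            while (true)
            {
                if (DebuggerPresent())
                    Environment.FailFast("Debugger detected.");
                Thread.Sleep(interval); // one sleeping thread per protected assembly
            }
        });
        monitor.IsBackground = true; // must not keep the process alive on exit
        monitor.Start();
    }

    // Managed-only checks, so they work on any runtime and operating system.
    public static bool DebuggerPresent()
    {
        return Debugger.IsAttached || Debugger.IsLogging();
    }

    public static bool ProfilerRequested()
    {
        // COR_ENABLE_PROFILING: .NET Framework; CORECLR_ENABLE_PROFILING: .NET Core and later.
        return Environment.GetEnvironmentVariable("COR_ENABLE_PROFILING") == "1"
            || Environment.GetEnvironmentVariable("CORECLR_ENABLE_PROFILING") == "1";
    }
}

static class Program
{
    static void Main()
    {
        DebuggerWatchdog.Start(TimeSpan.FromSeconds(1)); // assumed interval
        Console.WriteLine("Application running; watchdog thread active.");
        Thread.Sleep(TimeSpan.FromSeconds(3)); // stand-in for real application work
    }
}
```

If every assembly in an application carried its own copy of such a watchdog, each would start a separate polling thread, which is the overhead the remark above warns about.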

This protection provides only a minimal amount of additional protection, as it can quite easily be removed by applications like dnSpy by @0xd4d.

The protection can be safely applied to applications and is very unlikely to cause runtime issues or trigger false positives in antivirus scanners.