IsDebuggerPresent doesnt trigger on disassembler
It does in RAM when starting... or can be made to!
E.G.-> w/ a little bit of code ontop, couple lines @ most really for basic function. Test its return errlevel from said API call, & wrap it in an if-then statement, w/ whatever terminating result on that 1/0 or True/False return variable errlevel turns out to be, you add 1 more line of API code, (or more even) to do what you wish as a final resulting action/activity...
There is also calls & functions to catch tools like SoftIce & other dissassembly tools, specifically which can be adapted for similar purposes, & in combination with the ONLY valid use of a hardcode I can think of?
It works, even against disassemblers, while it is running...
APK
P.S.=> I use a method also that messes up debuggers & yes, resource editors! IF you try to mess it up, while running, lol, or even on disk (you had best do a perfect job, real "rembrandt level" work hacking it, or jumping lines in it & here is why)? It will check its size on disk, lol, & always does + thruout its running duration (some apps use timers, others do it as a function call from EVERY procedure & some do both that I have written)!
First, here is what they thought about it @ SLASHDOT & coders like John Carmack hang there:
Code Auditing the Defcon Way
http://it.slashdot.org/comments.pl?sid=158231&cid=13257227
Nuff said, on that account, well... MORE fine-grained detail, because it's not just sizechecks alone
& it actually DOES ESTABLISH A VALID REASON FOR A HARDCODE, if you read those details, you will understand & most likely agree.
Heh, if you try to get @ my apps' resources, internally, other than its Application strings for version, about, etc (this I leave open, for information's sake, like my email contact info as well, for tech support & don't have to, but do for those reasons)... but stuff like its bitmaps/jpgs image resources, instead... ?
It'll say a virus may be infecting it, which IS true (most exe virii create a larger sized file once they add their code to a program, even a Win32 PE type)... & it's true if someone gets around my method of debugger screwup, lol, for sure, if THEIR version is run @ startup & periodically on function call events in most of them, or a timer??
Then, I am VERY kind imo, because I could do much worse? THEN, the program(s) will shutdown gracefully... fast! IIRC, I even built that into the screensaver you host here, it also has it.
Its rudimentary antivirus protection, built in via that method, checking its "weight" so to speak, lol? Is also its defense against hacked versions, in fact... it helps! Std. equipment in apps I build... apk
