Function GetParentDbg() As Long '查看我们的父进程的文件名是一个已知的调试器
Local a As String
a=LCase$(GetParentProcname(GetParentPID(0)))
Select Case a
Case "ollydbg.exe", "olly.exe", _
"immunitydebugger.exe", "immunity.exe", _
"debug.exe", "debug.com", "debugger.exe", _
"debuggy.exe", _
"gdb.exe", _
"gobug.exe", _
"windbg.exe", "windbg64.exe", "windbg (x86).exe", "windbg (x64).exe", "cdb.exe", "kd.exe", "livekd.exe", "dbgsrv.exe", "ntsd.exe", _
"idag.exe", "idaw.exe", "idaw64.exe", "idaq.exe", "idau.exe", "idau64.exe", "win32_remote.exe", "win64_remotex64.exe"
? "调试器检测作为我们的父" & $CrLf & a
Case Else
? "父进程没有被调试的文件名" & $CrLf & a
End Select
End Function
1号(370037607)
2号(1102028601)