How do I debug software that detaches as soon as I attach the debugger

This page summarizes the projects mentioned and recommended in the original post on /r/AskReverseEngineering
Debugger HacktoberFest anti-debugging Detect anti-debug

SurveyJS
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
Our great sponsors

  • Detect-It-Easy

    Program for determining types of files for Windows, Linux and MacOS.

  • ScyllaHide

    Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

  • TitanHide

    Hiding kernel-driver for x86/x64.

    If the poster is using x64dbg, there is another great alternative to ScyllaHide which is SharpOD, get the original files here (chinese website cause chinese author, just use google translate plugin in your browser). Where it really shines through is to remain undetected when ScyllaHide fails to do so, especially when the malware is packed by newer packers like VMProtect 3.5 (very annoying). If that's not enough too, check out TitanHide (risky), also an anti anti debugger but requires disabling PatchGuard beforehand (MUST use virtual machine).

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts