search

mkaring / ConfuserEx

An open-source, free protector for .NET applications
https://mkaring.github.io/ConfuserEx/
MIT License
2.31k stars 350 forks source link

AntiDebug causes application startup crash #426

Closed digocesar closed 2 years ago

digocesar commented 2 years ago

On some Windows 10 machines the application does not start if I use Anti Debug protection. In Windows Event Viewer it says the following callstack:

en System.Environment.FailFast(System.String) en .‌‏‪‏‎‏‍‏‍‫‫‏‪‏‫‌(System.String) en .‫‫‫‪‌‍‍‏‍‌‎‏‫‫‍‎‎() en ..cctor()

I've tried safe mode and win32 mode. But it didn't work. I have no idea what might be going on. Would it be too bad to distribute the application without this protection?

mkaring commented 2 years ago

It's not the end of the world if you disable the protection.

There is something on your runtime environment that triggers the protection. There is away to find out what exactly is causing it, by adding some messages to the FailFast calls. That would be here. If you do that and protect your assembly with this self compiled version, you are going to see the message if the failure reason in the event log.

This would help to identify the root of the issue.

digocesar commented 2 years ago

Hi @mkaring This suggestion of log message on FailFast will show me in what point of the code it is stopping. But if it point me to Debugger.IsAttached validation, how can I find which program on user's machine is trying to debug my application?

mkaring commented 2 years ago

Is your application launched by any other application that may attach as a debugger?

Alternatively it could be something using the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options registry key. Is your executable name listed in there and has the key value called "Debugger" ?

You also could use the Process Monitor to check if any other application is interacting with yours during startup.

digocesar commented 2 years ago

I had tested and find that the debug protection is killing my application because COR_ENABLE_PROFILING variable is set to "1". https://github.com/mkaring/ConfuserEx/blob/master/Confuser.Runtime/AntiDebug.Safe.cs#L14-L16

Do you know what program use this variable? A solution should be just set this variable to "0"? Or broke some other application on the user machine?

github-actions[bot] commented 2 years ago

This issue needs more information and has not had recent activity. Please provide the missing information or it will be closed in 7 days. Thanks!

github-actions[bot] commented 2 years ago

Closing this issue because it needs more information and has not had recent activity. Please re-open this issue if more details can be provided. Thanks!

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.