Skip to content

Commit

Permalink
Spelling cleanup (#268)
Browse files Browse the repository at this point in the history
* corrected spelling in comment

* corrected spelling in comment

* corrected spelling in comment
  • Loading branch information
iamjplant authored Feb 16, 2024
1 parent 1879863 commit d028a0e
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion al-khaser/AntiDebug/CloseHandle_InvalidHandle.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@


/*
APIs making user of the ZwClose syscall (such as CloseHandle, indirectly)
APIs making use of the ZwClose syscall (such as CloseHandle, indirectly)
can be used to detect a debugger. When a process is debugged, calling ZwClose
with an invalid handle will generate a STATUS_INVALID_HANDLE (0xC0000008) exception.
As with all anti-debugs that rely on information made directly available.
Expand Down
2 changes: 1 addition & 1 deletion al-khaser/AntiDebug/LowFragmentationHeap.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ Routine Description:
Originally found by Souhail Hammou:
http://rce4fun.blogspot.com/2014/02/anti-debugging-trick-checking-for-low.html
Under a debugger, the process does not have a Low Fragmentation Heap (LFH)
The routine simply checks weather the nt!_HEAP.FrontEndHeap is NULL.
The routine simply checks whether the nt!_HEAP.FrontEndHeap is NULL.
Arguments:
Expand Down
2 changes: 1 addition & 1 deletion al-khaser/AntiDebug/ProcessHeap_Flags.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
#include "ProcessHeap_Flags.h"

/*
When a program is run under a debugger, and is created using the debug process creation flags. The heap flags are changed.
When a program is run under a debugger, and is created using the debug process creation flags, the heap flags are changed.
These Flags exit at a different location depending upon the version of the operating system.
On Windows XP, these flags exist at 0x0C offset from heap base in 32bit system and offset 0x14 in 64bits
On Windows 7, these flags exist at 0x40 offset from heap base in 32bit system and offset 0x70 in 64bits.
Expand Down

0 comments on commit d028a0e

Please sign in to comment.