Warn when certain anti-cheat drivers are detected

src/dbg/debugger.cpp

@@ -36,6 +36,7 @@
 #include "exprfunc.h"
 #include "debugger_cookie.h"
 #include "debugger_tracing.h"
+#include "handles.h"
 
 // Debugging variables
 static PROCESS_INFORMATION g_pi = {0, 0, 0, 0};
@@ -2953,6 +2954,19 @@ void dbgsetforeground()
 
 void dbgcreatedebugthread(INIT_STRUCT* init)
 {
+    if(settingboolget("Misc", "CheckForAntiCheatDrivers"))
+    {
+        auto loadedDrivers = LoadedAntiCheatDrivers();
+        if(!loadedDrivers.empty())
+        {
+            auto translatedFormat = GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Drivers known to interfere with x64dbg's operation have been detected.\n\nList of drivers:\n%s\n\nDo you want to continue debugging?"));
+            auto message = StringUtils::sprintf(translatedFormat, loadedDrivers.c_str());
+            auto continueDebugging = GuiScriptMsgyn(message.c_str());
+            if(!continueDebugging)
+                return;
+        }
+    }
+
     auto event = init->event = CreateEventW(nullptr, false, false, nullptr);
     hDebugLoopThread = CreateThread(nullptr, 0, [](LPVOID lpParameter) -> DWORD
     {

src/dbg/handles.cpp

@@ -5,21 +5,6 @@
 #include "debugger.h"
 #include "thread.h"
 
-typedef NTSTATUS(NTAPI* ZWQUERYSYSTEMINFORMATION)(
-    IN LONG SystemInformationClass,
-    OUT PVOID SystemInformation,
-    IN ULONG SystemInformationLength,
-    OUT PULONG ReturnLength OPTIONAL
-);
-
-typedef NTSTATUS(NTAPI* ZWQUERYOBJECT)(
-    IN HANDLE Handle OPTIONAL,
-    IN LONG ObjectInformationClass,
-    OUT PVOID ObjectInformation OPTIONAL,
-    IN ULONG ObjectInformationLength,
-    OUT PULONG ReturnLength OPTIONAL
-);
-
 // Enumerate all handles in the debuggee
 bool HandlesEnum(std::vector<HANDLEINFO> & handles)
 {
@@ -361,4 +346,42 @@ bool HandlesEnumHeaps(std::vector<HEAPINFO> & heapList)
     return true;
     */
     return false;
+}
+
+String LoadedAntiCheatDrivers()
+{
+    Memory<RTL_PROCESS_MODULES*> HandleInformation(0x1000, __FUNCTION__);
+    NTSTATUS ErrorCode = ERROR_SUCCESS;
+    for(;;)
+    {
+        ErrorCode = NtQuerySystemInformation(SystemModuleInformation, HandleInformation(), ULONG(HandleInformation.size()), nullptr);
+        if(ErrorCode != STATUS_INFO_LENGTH_MISMATCH)
+            break;
+        HandleInformation.realloc(HandleInformation.size() * 2, __FUNCTION__);
+    }
+    if(ErrorCode != STATUS_SUCCESS)
+        return {};
+    const char* AntiCheatDrivers[] =
+    {
+        "EasyAntiCheat.sys",
+        "EasyAntiCheat_EOS.sys",
+    };
+    std::unordered_set<String> DriverSet;
+    for(auto & Driver : AntiCheatDrivers)
+        DriverSet.insert(StringUtils::ToLower(Driver));
+    String Result;
+    auto Modules = HandleInformation();
+    for(ULONG i = 0; i < Modules->NumberOfModules; i++)
+    {
+        const auto & Module = Modules->Modules[i];
+        String DriverName = (char*)Module.FullPathName + Module.OffsetToFileName;
+        dputs_untranslated(DriverName.c_str());
+        if(DriverSet.count(StringUtils::ToLower(DriverName)))
+        {
+            if(!Result.empty())
+                Result += '\n';
+            Result += DriverName;
+        }
+    }
+    return Result;
 }

src/dbg/handles.h

@@ -1,5 +1,4 @@
-#ifndef HANDLES_H
-#define HANDLES_H
+#pragma once
 
 #include "_global.h"
 #include "_dbgfunctions.h"
@@ -8,5 +7,4 @@ bool HandlesEnum(std::vector<HANDLEINFO> & handlesList);
 bool HandlesGetName(HANDLE remoteHandle, String & name, String & typeName);
 bool HandlesEnumWindows(std::vector<WINDOW_INFO> & windowsList);
 bool HandlesEnumHeaps(std::vector<HEAPINFO> & heapList);
-
-#endif //HANDLES_H
+String LoadedAntiCheatDrivers();

src/gui/Src/Utils/Configuration.cpp

@@ -275,6 +275,7 @@ Configuration::Configuration() : QObject(), noMoreMsgbox(false)
 
     QMap<QString, bool> miscBool;
     miscBool.insert("TransparentExceptionStepping", true);
+    miscBool.insert("CheckForAntiCheatDrivers", true);
     defaultBools.insert("Misc", miscBool);
 
     QMap<QString, bool> guiBool;