/

Debugger Detection

Protection Module: DebuggerDetection

Detects if a debugger is attached to your application process and triggers the configured action.

Available for:

  • Desktop Applications (Windows, Linux, macOS)
  • Mobile Applications (iOS, Android)
  • Server Applications

How It Works

Debugger Detection continuously monitors your application to detect if a debugger is attached. It uses multiple detection techniques to identify both managed and native debuggers.

Detection Techniques:

  • Managed debugger API (System.Diagnostics.Debugger.IsAttached)
  • Native debugger detection (Windows: IsDebuggerPresent, CheckRemoteDebuggerPresent)
  • Linux/macOS: ptrace detection, /proc filesystem checks
  • Dynamic debugging detection (breakpoint analysis)

Common Debuggers Detected:

  • Visual Studio Debugger
  • JetBrains Rider Debugger
  • WinDbg / x64dbg
  • GDB / LLDB
  • dnSpy / ILSpy debuggers

Configuration

JSON Configuration

JSON
{
  "protections": {
    "DebuggerDetection": {
      "enabled": true,
      "action": "close"
    }
  }
}

Code-Based Configuration

C#
await Payload.ConfigureAsync(config =>
{
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
});

Advanced: Custom Interval

For performance tuning, specify check interval (default: 30 seconds):

JSON
{
  "protections": {
    "DebuggerDetection": {
      "enabled": true,
      "action": "close",
      "intervalMs": 15000
    }
  }
}

Available Actions

ActionBehaviorRecommended For
CloseTerminate application immediatelyProduction apps with critical IP
LogRecord incident and continueDevelopment, analytics
EraseSecurely delete data then terminateFinancial, healthcare apps
CustomExecute custom handlerEnterprise integrations
NoneDetect only, no actionTesting configurations

See Actions for detailed action documentation.

When to Use

Recommended for:

  • Applications with valuable intellectual property
  • Licensing validation code
  • Financial applications
  • Security-critical algorithms (authentication, encryption)
  • Production builds distributed to end users

Not recommended for:

  • Development builds (you won't be able to debug)
  • Applications that need debugging in production
  • Open-source applications where debugging is expected

Development Impact

When DebuggerDetection is enabled with Close action, you cannot debug your application. Use #if DEBUG to disable in development builds or use Log action during development.

Code Examples

Development vs Production

C#
await Payload.ConfigureAsync(config =>
{
#if DEBUG
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Log);
#else
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
#endif
});

Custom Action with Logging

C#
await Payload.ConfigureAsync(config =>
{
    config.RegisterCustomAction("debugger-alert", async (threat) =>
    {
        await File.AppendAllTextAsync("security.log",
            $"[{DateTime.Now}] Debugger detected: {threat.Description}\n");

        await SendEmailAsync("security@company.com",
            $"Debugger attached to {Environment.MachineName}");

        Environment.Exit(-1);
    });

    config.AddProtection(ProtectionModuleType.DebuggerDetection, "debugger-alert");
});

Mobile-Specific Alert

C#
config.RegisterCustomAction("mobile-debugger-alert", async (threat) =>
{
    await Application.Current.MainPage.DisplayAlert(
        "Security Warning",
        "Debugger detected. Application will close.",
        "OK"
    );

    await Task.Delay(2000);
    Environment.Exit(-1);
});

config.AddProtection(ProtectionModuleType.DebuggerDetection, "mobile-debugger-alert");

Platform Compatibility

PlatformSupportNotes
.NET 6+Full support with managed and native detection
.NET Core 3.1-5.0Full support
.NET Framework 4.6.2-4.8.1Windows API detection
.NET Standard 2.0+Automatic platform adaptation
MAUIiOS and Android detection
Xamarin.iOSJailbreak-aware detection
Xamarin.AndroidRoot-aware detection
Xamarin.FormsCross-platform detection
Blazor WebAssembly⚠️Limited (browser DevTools not detected)
Blazor ServerServer-side debugging detection

Performance Impact

CPU Usage: Minimal (~0.1% CPU during checks) Memory: <1 MB Check Frequency: Every 30 seconds (default)

Performance Tuning:

JSON
{
  "protections": {
    "DebuggerDetection": {
      "enabled": true,
      "action": "close",
      "intervalMs": 60000
    }
  }
}
  • Aggressive (15s): Higher security, more CPU usage
  • Balanced (30s): Recommended default
  • Conservative (60s): Lower overhead, slower detection

Threat Detection Details

When a debugger is detected, the ThreatInfo object contains:

JSON
{
  "threatId": "DBG-2025-12-28-1234",
  "description": "Debugger attached to process",
  "moduleType": "DebuggerDetection",
  "detectedAt": "2025-12-28T10:30:45Z",
  "confidence": 1.0,
  "metadata": {
    "processId": 1234,
    "processName": "MyApp.exe",
    "debuggerType": "managed",
    "platform": "Windows"
  }
}

Next Steps

Actions

Configure threat responses

Custom Actions

Create advanced handlers

JSON Configuration

Full configuration reference

Previous
Overview
Next
Virtual Machine Detection