Quote:
|
Originally Posted by Opc0de
When you create/attach a program inside the debugger, the debug api will call a native function called "NtCreateDebugObject" that will create a DebugObject and set the EPROCESS->DebugPort = DebugObject.
SoftICE don't use the Debug API, that is the reason that this trick don't detect it.
Regards,
Opc0de
|
Thanks for the tech info, thats what i was looking for
