简单的script
r @$t0 = kernelBase!IsDebuggerPresent; eb @$t0+0x9 31 c0 90 90
强制把原代码改成xor eax, eax; nop; nop
注意在xp下,使用kernel32
windbg script ---- 禁用IsDebuggerPresent
强制把原代码改成xor eax, eax; nop; nop
简单的script
r @$t0 = kernelBase!IsDebuggerPresent; eb @$t0+0x9 31 c0 90 90
注意在xp下,使用kernel32