May 24, 2011

Patching exe files

This post is a continuation of the previous post, based on user comments. Here I will explain how to patch an exe file and another method to bypass the IsDebuggerPresent API.

In the previous post I bypassed the IsDebuggerPresent API by changing the return value in the EAX register. You can also bypass the API by filling it with NOP (No Operation) instructions, or you can use the Hide Debugger plugin available on the internet.

Here I have filled the code with NOP instructions, so nothing happens and control simply passes to the next instruction:

To patch the file so that next time you can debug without any interruption, select the modified code area as shown below, right-click, and select Selection from Copy to executable.


Next, it will open the memory map; right-click in it and select Save file.

Now the file is patched and ready to debug. Thanks:)
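A file patched this way differs from the original only in the overwritten bytes, so comparing the two copies shows exactly what was changed and where. The following Python code is an added example, not part of the original post: the names `diff_patches` and `PatchedRange` are hypothetical, and the sample bytes (a 6-byte indirect call followed by a test and a conditional jump) are constructed for illustration.

```python
"""Locate byte ranges that differ between an original file and a patched
copy, and flag ranges that were overwritten with NOP (0x90)."""
from dataclasses import dataclass

NOP = 0x90  # x86 single-byte NOP opcode


@dataclass
class PatchedRange:
    offset: int       # file offset where the difference starts
    original: bytes   # bytes at that offset in the original file
    patched: bytes    # bytes at that offset in the patched file

    @property
    def is_nop_fill(self) -> bool:
        return all(b == NOP for b in self.patched)


def diff_patches(original: bytes, patched: bytes) -> list:
    """Return contiguous differing ranges; an in-place patch keeps the size."""
    if len(original) != len(patched):
        raise ValueError("file sizes differ; not an in-place patch")
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(original, patched)):
        if a != b and start is None:
            start = i                      # a differing run begins
        elif a == b and start is not None:
            ranges.append(PatchedRange(start, original[start:i], patched[start:i]))
            start = None                   # the run ended at i - 1
    if start is not None:                  # run extends to end of file
        ranges.append(PatchedRange(start, original[start:], patched[start:]))
    return ranges


# Constructed sample: prologue, call dword ptr [imm32], test eax,eax, jne, epilogue.
SAMPLE_ORIGINAL = bytes.fromhex("5589e5" "ff1500204000" "85c0" "7505" "c9c3")
# Same bytes with the 6-byte call filled with NOPs.
SAMPLE_PATCHED = bytes.fromhex("5589e5" "909090909090" "85c0" "7505" "c9c3")

if __name__ == "__main__":
    for r in diff_patches(SAMPLE_ORIGINAL, SAMPLE_PATCHED):
        kind = "NOP fill" if r.is_nop_fill else "modified"
        print(f"0x{r.offset:08x} len={len(r.original)} {kind}: "
              f"{r.original.hex()} -> {r.patched.hex()}")
```

For real files, read both copies with `open(path, "rb").read()` and pass the bytes to `diff_patches`. A byte that already had the same value before the patch splits one patched region into two reported ranges.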

1 comment:

  1. It was good, and there is another way to bypass the IsDebuggerPresent function. You can either change the ZeroFlag to 1, which means the condition is satisfied and takes the jump without leading to the message box.
