So, what happens if you start an application normally, suspend it with process explorer and then attach a debugger?
Are you catching the anitduggers with their pants down or is there more to it?
I noticed that a code dump suspended and then running an attached debugger shows differences in the code.
This tells me that I have bypassed at least some anitdebugging features?
Ideas>?
Bookmarks