Last time I showed you a simple trick with conditional breakpoints.
Today I will present a plugin which automates these breakpoints – to the extent
that protected malware like the Zotob worm can be unpacked.
Quite often IDA users ask for a plugin or feature to hide the debugger
from the application. In fact there are many anti-debugging tricks, and
each of them requires an appropriate reaction from the debugger. Let’s
start with something simple: we will make the IsDebuggerPresent
function call always return zero.
Final method of loading several files into a database
I promised to tell you about the TLS callbacks.
Here is the discussion.
The third method to create a database with several PE files.
The second method to create a database with several PE files.
IDA Pro can load one PE file into a database and analyze it. Some users assume this is the maximum. Let’s take a closer look at the situation…
This is the first entry in the blog.