Beginner Malware Analysis

  1. MA 1: IsDebuggerPresent

    A first look at anti-debugging: how a program detects an attached debugger via the IsDebuggerPresent Win32 API.

  2. MA 2: IsDebuggerPresent Workaround

    The next move in the cat-and-mouse game: detecting a debugger without ever calling IsDebuggerPresent, so common hook-based bypasses (ScyllaHide etc.) miss it.