Windows API : NtQueryInformationProcess / ZwQueryInformationProcess

This function retrieves information about a specified process. Malware are able to detect if the process is currently being debugged with the information retrieves by the function.

Additional Resources

Subscribe to our Newsletter and don't miss important updates