Search Evasion Techniques
Names, Techniques, Definitions, Keywords
1 item(s) found so far for this keyword.
The kernel32 SuspendThread function or the NTDLL NtSuspendThread function can be another very effective way to disable user-mode debuggers. This can be achieved by enumerating the threads of a given process, or searching for a named window and opening its owner thread, and then suspending that thread.