Search Evasion Techniques


Search Result

1 item(s) found so far for this keyword.

CsrGetProcessID Anti-Debugging

This undocumented function is used in combination with OpenProcess. It can be used to get the PID of CSRSS.exe, which is a SYSTEM process. By default, a process has SeDebugPrivilege disabled in its access token. However, when the process is loaded by a debugger such as OllyDbg or WinDbg, SeDebugPrivilege is enabled. If a process is able to open …
