Quite often IDA users ask for a plugin or feature to hide the debugger from the application. In fact there are many anti-debugging tricks and each of them requires an appropriate reaction from the debugger, let’s start with something simple: we will make the IsDebuggerPresent function call always return zero.
Final method of loading several files into a database
I promised to tell you about the TLS callbacks. Here is the discussion.
The third method to create a database with several PE files.
The second method to create a database with several PE files.
IDA Pro can load one PE file into a database and analyze it. Some users assume this is the maximum. Let’s take a closer look at the situation…