Does Olly trap this infinite loop automatically ?
I even used jnz.
invoke IsDebuggerPresent ; running in the context of a debugger, the return value is nonzero
jz short continue_initialization_1
jmp short infinite_loop_1
infinite_loop_1:
jmp infinite_loop_1
continue_initialization_1:
---------------------------------------------
Once started, Olly runs an application until an exception occurs or you paused it.
Also, it is not specified whether IsDebuggerPresent (or any other API) set or clear the zero flag ;-)
invoke IsDebuggerPresent ; running in the context of a debugger, the return value is nonzero
test eax,eax
infinite_loop_1:
jnz infinite_loop_1
Thanks, the prog works but I am confused.
EAX has zero when run under Olly ?
i just went by your comment :P
Quoteinvoke IsDebuggerPresent ; running in the context of a debugger, the return value is nonzero
here is the MSDN doc...
QuoteReturn value
If the current process is running in the context of a debugger, the return value is nonzero.
If the current process is not running in the context of a debugger, the return value is zero.
The call to IsDebuggerPresent is easily patched to always return false; it could even be considered standard practice.
Stop wasting your time ::)
Right Tedd
IsDebuggerPresent is only an api the get the BeingDebuged from the Peb