Could be the Trap Flag in EFLAGS when you single-step the instruction instead of skipping it. Or the push ss; pop ss; pushf trick...
Another guess would be the SetUnhandledExceptionFilter detection trick. Probably not the best link, but still:
Quote:
|
_hxxps://evilcodecave.wordpress.com/2008/07/24/setunhandledexception-filter-anti-debug-trick/
|
All these require some manual skipping/continuing instead of blindly passing the exception to the debuggee ....