|
Hi,
I tested this trap flag example, the exception gets reported as first chance (this is supposed to happen for all exceptions) and when you run again, the debugger is NOT detected, which means the exception was forwarded to the application.
The closehandle trick indeed detects x32_dbg... but that's because it forwards the exception to the program (as it's supposed to), but you could write a simple plugin that skips all STATUS_INVALID_HANDLE exceptions (by calling TitanEngine's SetNextContinueStatus function).
What kind of idea(s) do you have for 'keeping things in usermode'? I looked a little around, but it's not possible without hooking in usermode, something I want to avoid.
Greetings
|