Excellent video. A tip for those who want to "automate" the skip so you don't have to change the IP every time. Check the function out and if it is just calling NtSetInformationThread or some other anti-debug code and it doesn't contain important malware code (which it usually doesn't since it is isolated anti-debug function) you can simply NOP the whole call and skip over that check every time you restart the exe\dll in the debugger.
![Why Is The PE Entry Point Not The Same As Main SEH and The _security_init_cookie [Patreon Unlocked]](http://i.ytimg.com/vi/suwZB3EA_u4/mqdefault.jpg)
![Why Is The PE Entry Point Not The Same As Main SEH and The _security_init_cookie [Patreon Unlocked]](/img/tr.png)
![Debugging a DLL Export With x64dbg [Patreon Unlocked]](http://i.ytimg.com/vi/bkj8wSVEDR4/mqdefault.jpg)
Excellent video. A tip for those who want to "automate" the skip so you don't have to change the IP every time.
Check the function out and if it is just calling NtSetInformationThread or some other anti-debug code and it doesn't contain important malware code (which it usually doesn't since it is isolated anti-debug function) you can simply NOP the whole call and skip over that check every time you restart the exe\dll in the debugger.
Nice tip!
Pls I want to learn software how can you help me please
this is amazing... nice work. thanks for sharing.
I never thought about using graph view while using x64 lol
As always, your vids are the best.
Thanks! Sometimes it's very useful to see see the control flow from another perspective.
Brilliant as always!
Thank you for this Good turtorial :)
Amazing content! Please do more videos Reverse engineering context! thank you.
Excellent video
features ! love them all 🚩❤
Couldn't you have inserted a jump instead of the push 0?
Thanks Teacher, have you considered writing a book about reversing?
No books, just live workshops and videos : )
Can this method remove the x63dbg (32bit) virus???
What would be the approach when the exe reproduces itself and its threads (like in process explore you can see 6times the same process)
That's a completely different topic ;) You may want to check out some of our process injection unpacking tutorials.
Almost the same trick, as Enigma does to detach from the debugger. However, if I remember correctly, Enigma uses ZwSetInformationThread instead
Hi please help me crack my software
May I ask you to make a video about Software Nanomites?)
No, lol
hello, is there someone sleeping while you record? there is background voice.. like snoring ... just sayn
Haha that's my bulldog Boris. If you check out our streams on Twitch you will see he sleeps beside my desk and has his own doggo cam
Where is the part II?
On our Patreon : ) www.patreon.com/posts/analyzing-anti-57443723
I think i want to marry this man