Killing threads based on EIP and start address found in TIB

To evade, you'd have to set a hook on GetThreadContext; if you used my anti-debugging library, some virtualization, and replaced the call to GetThreadContext with your own obfuscated version of GTC, then you should be fairly safe in preventing, say, DLL injection.

EDIT: Also, you would need to spoof the TIB for the start address catch.
 