Search Evasion Techniques
Names, Techniques, Definitions, Keywords
1 item(s) found so far for this keyword.
This function is undocumented within
OpenProcess. It can be used to get the PID of CRSS.exe, which is a
SYSTEM process. By default, a process has the
SeDebugPrivilege privilege in their access token disabled.
However, when the process is loaded by a debugger such as OllyDbg or WinDbg, the
SeDebugPrivilege privilege is enabled. If a process is able to …