How do I bypass IsDebuggerPresent with OllyDbg?

Question

I don\'t really understand how to get around IsDebuggerPresent. I think I am supposed to find the registers used for debugging and then set it to 0 to trick IsDebuggerPresent, b

Answer 1

Inject this code in your process:

mov eax,dword ptr fs:[18]
mov eax,dword ptr ds:[eax+30]
mov byte ptr ds:[eax+2],0

This will patch the PEB.BeingDebugged flag, ensuring IsDebuggerPresent always returns 0

When using x64dbg you can run the dbh command.