Something like this appears in Ollydbg:
Code: Select all
00E3436C FF15 00400801 CALL DWORD PTR DS:[<&KERNEL32.IsDebugger>; kernel32.IsDebuggerPresent
There's actually a list of these functions I'd like to go through and change. In my head it seemed as though I could change the function calls in the running program itself without changing offsets or data positioning. If that's so then can't you just change the executable like that, and if so - how would you do that?