moved sub header

pull/1/head
zhwu2697 3 years ago
parent 0e530802d4
commit 98a7cd31a0

@ -21,10 +21,10 @@ The second method is to breakpoint each function with x64 debugger and take a lo
I did eventually come up with a third method, and it was to let procmon do its thing while you debug the program - but ill leave that as an exercise for another day.
## disabling defender
## x64 Debug
### disabling defender
If we breakpoint onto RegSetKeyValue it writes into "DisableAntiSpyware" which we can research on the internet
There is a lot of occurance with the following registry directory: "Software\\Policies\\Microsoft\\Windows Defender"
It is found under the parent directory of HKLM64.
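Review bot: the new "## x64 Debug" heading lands after the procmon paragraph, while the debugger method it names is introduced above this hunk ("The second method is to breakpoint each function with x64 debugger"), so that introduction ends up outside the section it belongs to. Consider moving the heading up to where the second method starts, and make the casing consistent between "x64 Debug" and "disabling defender". Because the subsection now documents a Defender policy write, it would also help to record the value passed to RegSetKeyValue for "DisableAntiSpyware" and the full key path as observed at the breakpoint, instead of leaving it at "which we can research on the internet".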
