[REQ] AutoDisable "IsDebuggerPresent"
Anonymous
May 23rd, 2003, 19:27
Autodisable Win32 API "IsDebuggerPresent"
That is to say always return FALSE.
tulipfan
May 23rd, 2003, 19:31
I just registered and logged in, but the topic is also "Anonymous", why?
Fred
May 24th, 2003, 01:57
For debugging in Ollydbg, there should be no reason to change this. It is only required for cracking programs, which is not permitted to be talked about on this board. Please think about your questions before posting or the post may be deleted.
Anyway, for anyone wishing to know if their program is being debugged, there are many ways - there's not just IsDebuggerPresent. Check out Armadillo for example. For obvious reasons however, I'm not going to describe the various methods here.
tulipfan
May 25th, 2003, 21:36
Sorry!
But I think IsDebuggerPresent is the most used way,
and it would be useful to AutoDisable it.
tulipfan: you are free to implement this feature in a plugin

It would be a good opportunity to learn the OD internals.
lownoise
May 26th, 2003, 05:00
TBD: you're completely right! I did the same thing you're asking tulipfan to do! My own plugin patched the return of IsDebuggerPresent, and corrected the byte in memory for detecting the debugger using the SEH, described by ^DEAMOIN^ and used in several protectors like ultraprotect.
Learning the OD internals will help you a lot if you have to deal with apps with the same protection.
lownoise: and why don't you share this plugin?

lownoise
May 27th, 2003, 03:14
TBD: Well, OllyDbg isn't officially a cracking tool (: and therefore I don't share this plugin, because someone could use it to dump programs from memory protected with U....Protect

codeinject
May 27th, 2003, 20:20
Only a small note would be good.
1: How to use a plugin to modify the data in the data windows.
2: When to modify the data (maybe after restarting an exe, OD sends a MSG?).
codeinject
May 27th, 2003, 21:00
Found it!
extc ulong cdecl Readmemory(void *buf,ulong addr,ulong size,int mode);
extc ulong cdecl Writememory(void *buf,ulong addr,ulong size,int mode);
But what is the MSG after OD loads an exe?
lownoise
May 28th, 2003, 00:33
OK, here is the idea to patch the API call IsDebuggerPresent.
I assume you know how to patch the API call in memory to return the corrected value.
* NewApiData=memory patched api bytes
* GetProcAddress IsDebuggerPresent
* writememory newapidata on return value of getprocaddress IsDebuggerPresent
Create a plugin that does the above steps and execute the plugin when Olly is paused after the app is loaded (Debugging options / Events / Make first pause at system breakpoint).
codeinject
May 28th, 2003, 00:39
Oh, I know, but it is not auto_disable.
I mean that once the plugin is installed, there is no need to do anything else.
lownoise
May 28th, 2003, 01:10
You don't have to do anything else, just run the plugin when the app is loaded.
If you want to auto_disable this you have to patch kernel32.dll on your HDD,
because the app loads kernel32.dll into its own memory space.
codeinject
May 28th, 2003, 01:21
I want to know: when OD loads an exe and stops, should OD post a MSG?
At this time our plugin can easily defeat the XXX. But who knows the MSG sent after OD loads an executable?
I have coded the plugin but it is not auto_all @_@
lownoise
May 28th, 2003, 01:45
I think you have to open the exe file in your plugin.
int OpenEXEfile(char *path,int dropped);
Returns 0 if executable file is successfully started
codeinject
May 28th, 2003, 01:51
OD 2 should create such a MSG.
Thank you!
I will have a try!
Plugins can have hotkeys, so there's nothing wrong with having to press ALT+F2 for example to execute the "isdebuggerpresent" disabler.