From 299ba4258b2bb19ac60558ca4681c0ab89b4f5e2 Mon Sep 17 00:00:00 2001
From: jtothej <95413053+jtothej@users.noreply.github.com>
Date: Wed, 5 Jul 2023 16:54:38 +0800
Subject: [PATCH] Update hide-thread-from-debugger.yml
---
 .../debugger-evasion/hide-thread-from-debugger.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/anti-analysis/anti-debugging/debugger-evasion/hide-thread-from-debugger.yml b/anti-analysis/anti-debugging/debugger-evasion/hide-thread-from-debugger.yml
index 8605b1038..7f50b0e22 100644
--- a/anti-analysis/anti-debugging/debugger-evasion/hide-thread-from-debugger.yml
+++ b/anti-analysis/anti-debugging/debugger-evasion/hide-thread-from-debugger.yml
@@ -28,6 +28,6 @@ rule:
 - or:
 - string: "NtSetInformationThread"
 - string: "ZwSetInformationThread"
- - api: GetProcAddress
+ - match: link function at runtime on Windows
 - api: GetCurrentThread
 - number: 0x11 = ThreadHideFromDebugger
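Review bot: The added `match: link function at runtime on Windows` line makes this branch depend on another rule whose body is not visible here, so the diff alone cannot show whether the branch is now broader or narrower than the old `api: GetProcAddress`. If the referenced rule requires more than the resolver call itself (for example a module lookup in the same function), code that only calls GetProcAddress next to the `NtSetInformationThread`/`ZwSetInformationThread` string would stop matching. That is worth confirming against the rule's existing examples, since the diffstat shows this is the only line touched. A short comment above the line would record the intent, e.g. `# Nt/ZwSetInformationThread is resolved by name at runtime rather than imported`. The enclosing feature block begins above line 28, outside the hunk, and the indentation was lost in this copy, so how this line nests with its siblings should be checked in the file.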