Bypass Malware Time Delays
Sleep
Suspends the current thread until the specified condition is met. Execution resumes when one of the following occurs:
An I/O completion callback function is called.
An asynchronous procedure call (APC) is queued to the thread.
The time-out interval elapses.
It takes one parameter, a DWORD named dwMilliseconds that gives how many milliseconds to wait, and it doesn't return a value.
Whenever Sleep gets called, it jumps to SleepEx in kernel32.dll to perform the execution; it's like a wrapper around SleepEx.
First, we patch Sleep: NOP the jump, then return instantly, so no delay is performed.
[Figure: Sleep before the patch]
[Figure: Sleep after the patch]
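The patch described above, worked through on a copied byte buffer; this is an added example, not code from the original page. The function names and the sample stub bytes are constructed for illustration, and the point it adds is that the return must match the calling convention: on x86, Sleep is stdcall with one DWORD argument, so the patch needs `ret 4`, while on x64 a plain `ret` is enough.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length of the jump at code[0], or 0 if it is not a form handled here. */
static size_t jmp_length(const uint8_t *code, size_t len)
{
    if (len >= 2 && code[0] == 0xEB) return 2;                    /* jmp rel8  */
    if (len >= 5 && code[0] == 0xE9) return 5;                    /* jmp rel32 */
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) return 6; /* jmp [mem] */
    if (len >= 7 && code[0] == 0x48 && code[1] == 0xFF && code[2] == 0x25)
        return 7;                                                 /* REX.W jmp [mem] */
    return 0;
}

/* NOP the jump at the start of a Sleep stub and end the slot with a return.
 * x86: Sleep is stdcall with one DWORD argument, so the callee pops 4 bytes
 *      and the return must be "ret 4" (C2 04 00) to keep the stack balanced.
 * x64: the caller owns the stack, so a plain "ret" (C3) is enough.
 * Returns the number of bytes rewritten, or 0 if the stub is left untouched. */
size_t patch_sleep_stub(uint8_t *code, size_t len, int is_x64)
{
    static const uint8_t ret_x86[] = { 0xC2, 0x04, 0x00 };
    static const uint8_t ret_x64[] = { 0xC3 };
    const uint8_t *ret = is_x64 ? ret_x64 : ret_x86;
    size_t ret_len = is_x64 ? sizeof ret_x64 : sizeof ret_x86;
    size_t n = jmp_length(code, len);

    if (n < ret_len)          /* no jump found, or slot too small for the return */
        return 0;
    memset(code, 0x90, n);                    /* NOP out the whole jump */
    memcpy(code + n - ret_len, ret, ret_len); /* return right after the NOPs */
    return n;
}

int main(void)
{
    /* Constructed sample: jmp rel32 followed by int3 padding, not real kernel32 bytes. */
    uint8_t stub[] = { 0xE9, 0x00, 0x10, 0x00, 0x00, 0xCC, 0xCC, 0xCC };
    size_t n = patch_sleep_stub(stub, sizeof stub, 0);

    printf("rewrote %zu bytes:", n);
    for (size_t i = 0; i < sizeof stub; i++)
        printf(" %02X", stub[i]);
    printf("\n");
    return 0;
}
```

A two-byte `jmp rel8` on x86 is refused because `ret 4` does not fit in its slot; writing past the jump would corrupt whatever follows it.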