1. 11

  2. 1

    One way to detect that code is running under a debugger is to modify an instruction that should have been pre-fetched by the processor. If a debugger is single-stepping, then the modified code will be used; otherwise, the original pre-fetched code is used.

    I know that instruction caching is a thing — but don’t those get invalidated on writes? I mean, that sounds like it would be a bug, because that would render self-modifying code non-functional?