HyperHide: anti-anti-debug plugin for x64dbg
HyperHide is an open-source, hypervisor-based anti-anti-debug plugin for x64dbg/x32dbg. HyperHide uses Intel EPT to hook various syscalls and other functions which can be used to spot the presence of a debugger. HyperHide supports all Windows versions from Windows 7 up to the newest version (x64 only), and works only on Intel processors with VT-x and EPT support.
https://github.com/Air14/HyperHide/raw/master/Images/x64dbg.png
https://github.com/Air14/HyperHide/raw/master/Images/x32dbg.png
Download sources from: https://github.com/Air14/HyperHide
HyperHide_2021-06-13
BUGFIX:
Fixed hypervisor msr read/write handling
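Crash when selecting KUserSharedData or Clear KUserSharedData

Machine translation:
HyperHide is an open-source hypervisor plugin based on x64dbg/x32dbg.
HyperHide uses Intel EPT to hook various system calls and other functions that can be used to detect the presence of a debugger.
HyperHide supports all Windows versions from Windows 7 up to the latest version (x64 only), and works only on Intel processors that support VT-x and EPT.

Why is this post entirely in English?

May I ask, what is this used for?

How123 posted on 2021-6-10 14:43
May I ask, what is this used for?
It's an anti-anti-debug plugin, I think.

Very good, thanks for sharing!

Is there no precompiled build?

Can this get past VMP 3.5's anti-debugging?

The driver is probably unsigned; I can't install it.

I tried it and got all kinds of blue screens; the debug target was al-khaser.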