PhantOm V1.25 fixed (OllyDbg hiding plugin)
by Hellsp@wn & Archer
// spring aggravation:
// IHA! PEOPLE WITH ALL DAY! SPRING WALKS! BEER begins! GO OUT WITH GIRLS X!
// LIVE A FULL LIFE!
| Greetings fly to:
| Bronco, kioresk, RSI, lord_Phoenix, HoBleen, Grim Fandango,
| Guru.eXe, vad8787, PE_Kill.
————————————————– —————————
A plugin to hide OllyDbg (with driver).
Protects against the following detection methods:
// driver - extremehide.sys
[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.
[+] GetProcessTimes.
[+] NtSetContextThread.
// plugin - PhantOm.dll
[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] GetStartupInfo.
[+] Process Heaps.
[+] GetTickCount.
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.
[+] BlockInput
What’s New - 1.25
You can now set the service names yourself:
HIDENAME and RDTSCNAME.
Fixed some minor bugs.
Fixed bug with memory breakpoints.
What’s New - 1.20
Added custom exception handling (C0000005).
Added changing of the main window title.
Added custom exception handling (OUTPUT_DEBUG_STRING_EVENT).
int 3 at EP is now removed correctly if stopping
at the system breakpoint failed.
Added BlockInput interception. (WinXP only)
Added custom exception handling (C0000094).
Added hiding from GetStartupInfo.
Fixed bug with the plugin settings.
Added protection against driver detection.
What’s New - 1.15
Fixed several bugs.
What’s New - 1.10
hook GetProcessTimes - moved to the driver.
hook NtSetContextThread - moved to the driver.
Fixed the bug with removing the “EP break”.
Fixed several bugs related to loading options.
Added “DELTARDTSC” to the ini, which regulates the RDTSC spread.
What’s New - 1.04
Fixed BSOD while loading drivers.
What’s New - 1.03
Fixed bug with windows.
What’s New - 1.01
Fixed bug in the driver.
What’s New - 1.00
Added protection of OllyDbg windows.
OllyDbg is now patched regardless of ImageBase.
What’s New - 0.60
Added custom exception handling (C000001E, 80000001, C000001D).
Added removal of int3 from the EntryPoint.
Fixed bug with GetTickCount.
Added driver anti-detection methods.
What’s New - 0.58
Fixed bug with Hide from PEB on some systems.
What’s New - 0.57
Fixed bug with attaching to a process.
Added protection from GetProcessTimes.
[-] Removed option Fake Windows version (for the time being).
What’s New - 0.55
Improved GetTickCount emulation.
Added RDTSC emulation.
Fixed bug with not zeroing ServicePack.
Slightly optimized the code.
What’s New - 0.53
The driver is now stored in the resources.
Added NtSetInformationThread protection.
Fixed bug with Fake Windows version.
What’s New - 0.51
Fixed bug in GetTickCount.
Fixed bug with patching the PEB.
// Notes:
– if you changed the plugin settings while a file is open in OllyDbg,
you must restart the program (Ctrl-F2).
– the plugin writes debug messages to the Log (Alt + L), so on the first run
it is advised to enable all the options and examine the Log for errors.
– tested only on Windows 2000 SP4, XP SP2.
– when using the plugin, it is recommended to turn off programs that can prevent
drivers from loading (Antivirus, PC).
– if it works incorrectly, try the plugin on a “native” OllyDbg,
without extraneous plugins.
// Contact author:
www: hellspawn.nm.ru
mail: for.hellspawn @ gmail.com
FK, what a powerful English introduction
Kid, you have passed your English exams and you still won't translate it......
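Phantom plugin 1.25 fixed version
……
Finally
– if you changed the settings in the plugin, to open any file in OllyDbg
you necessarily must restart (CtrlF2).
– the plug-in displays debug messages in the log (Alt + L), so on the first run enable all the options and review the log for errors.
– the plugin was tested only on Windows 2000 SP4, XP SP2.
– it is recommended to close software that may block the plugin
(otherwise it may be suspected of being a virus, PC (personal computer)).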
-----------------------------------------
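What a mess. I ran it through a translation engine.
Even messier~~ ah ah ah ah ah
Just passing by!!!!!!!!!!!!!DDDDDDDDDDDDDDDD
Why do tools nowadays write even their introductions in English..
Good stuff
Definitely have to take a look, thanks!!!!!!!!!!!!
Couldn't find it anywhere in the world, found it here. Thanks to the brothers on the forum. Many hands make light work.
Luckily the 2nd floor translated it, thanks 2nd floor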