ScyllaHide for IDA 7
This post was last edited by m4n0w4r on 2019-2-3 00:22.
ScyllaHide is an advanced open-source x64/x86 usermode anti-anti-debug library. This is the experimental IDA7 port.
Deployment
You need to deploy the following files:
- HookLibraryx64.dll (in the IDA7 folder, next to ida.exe)
- HookLibraryx86.dll (in the IDA7 folder, next to ida.exe)
- InjectorCLIx64.exe (in IDA7's plugins folder)
- InjectorCLIx86.exe (in IDA7's plugins folder)
- NtApiCollection.ini (in IDA7's plugins folder)
- scylla_hide.ini (in IDA7's plugins folder)
- ScyllaHideForIda7Plugin.dll (in IDA7's plugins folder)
- ScyllaHideForIda7Plugin64.dll (in IDA7's plugins folder)
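The following PowerShell script performs the deployment above and then verifies the layout. It is an added example, not code from the original post or from the ScyllaHideForIda7 project; the source directory of the extracted release and the IDA installation path are assumptions and must be adjusted.

```powershell
# Added example (not from the original post or the ScyllaHideForIda7 project).
# Copies the ScyllaHide files from an extracted release directory into an IDA 7
# installation and verifies the layout described above. Both paths are assumptions.
param(
    [string]$ScyllaDir = "C:\tools\ScyllaHideForIda7",   # assumed: extracted release
    [string]$IdaDir    = "C:\Program Files\IDA 7.0"      # assumed: IDA 7 install folder
)

$ErrorActionPreference = 'Stop'
$pluginsDir = Join-Path $IdaDir 'plugins'

# Target location per file, as listed in the post: the hook DLLs sit next to
# ida.exe, everything else goes into plugins\.
$layout = @{
    'HookLibraryx64.dll'            = $IdaDir
    'HookLibraryx86.dll'            = $IdaDir
    'InjectorCLIx64.exe'            = $pluginsDir
    'InjectorCLIx86.exe'            = $pluginsDir
    'NtApiCollection.ini'           = $pluginsDir
    'scylla_hide.ini'               = $pluginsDir
    'ScyllaHideForIda7Plugin.dll'   = $pluginsDir
    'ScyllaHideForIda7Plugin64.dll' = $pluginsDir
}

foreach ($name in $layout.Keys) {
    $src = Join-Path $ScyllaDir $name
    $dst = Join-Path $layout[$name] $name
    if (-not (Test-Path $src)) {
        Write-Warning "missing in release directory: $src"
        continue
    }
    Copy-Item -Path $src -Destination $dst -Force
}

# Verify: every file must be present where the plugin expects it. A HookLibrary
# DLL left in plugins\ instead of the IDA root is a layout error this reports.
$missing = $layout.Keys | Where-Object { -not (Test-Path (Join-Path $layout[$_] $_)) }
if ($missing) {
    Write-Error ("deployment incomplete, missing: " + ($missing -join ', '))
}
else {
    Write-Host "ScyllaHide files deployed to $IdaDir"
}
```

Run it from an elevated PowerShell prompt if IDA is installed under Program Files, since copying into that directory needs write access.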
How it works
It uses InjectorCLI to inject HookLibrary into the debuggee when the debugger starts or attaches.
Remote debugging is not supported and there are no GUI options. For now, change parameters manually in scylla_hide.ini.
More info: https://github.com/vdisasm/ScyllaHideForIda7
This plugin can patch the local Win32 debugger plugin (PatchLocalWin32DebuggerPlugin) when using IDA7 with the latest Win10. The source comments on that workaround read:
// IDA 7.0 for 32-bit bases
// Error 1491 on debugger start (happens on adding modules to list)
// It is not proper solution, but makes it possible to test plugin.

Thank you.

Looks good, thanks a lot!

Even though I don't understand it, I still need to learn.

Good. Nice stuff, thanks for sharing.

So this is possible too; a thumbs up.

Strange: the plugin shows as activated, but with Scylla's own test it still isn't hidden. Has OP tested this?
Also, it has been more than 2 years now; is there a ScyllaHide for IDA 7.5?