吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 7549|回复: 4
收起左侧

[OllyDbg 1.x Plugin] Hyde - OllyDbg2 anti-detect plugin

[复制链接]
Hmily 发表于 2011-9-20 13:30
Hi all,

Some days ago I released my second plugin for OllyDbg2, Hyde. This plugin is designed to hide OllyDbg2 from the Debugee, yet allow normal usage of Apis for finding other windows and processes.

Also (with reversing in mind) the patch options can be saved to file (as Patch-sets) for easy reloading..
For example, with an ASProtect target you can set the patches that you need for ASProtect and save to a file "ASProtect.SET". This patch-set file can then be loaded whenever you need to debug ASProtect.
Included in the archive as an example is a Patch-Set for V(M)Protect 1.93 ..

As OllyDbg2 is still beta, no direct patching of OllyDbg2 strings or code is done, as that would just lead to too much hassle. Better to wait until final release for that, so all patches are done just to Apis.

In the first version these things are patched:
  • PEB.IsDebugged
  • PEB.NtGlobalFlag
  • PEB.HeapFlags
  • NtQueryInformationProcess
  • NtQuerySystemInformation
  • NtSetInformationThread
  • FindWindowA
  • FindWindowW
  • FindWindowExA
  • FindWindowExW
  • EnumWindows
  • Process32NextW
  • OutputDebugStringA
  • OutputDebugStringW
  • NtQueryObject
  • GetTickCount
  • NtOpenProcess
  • BlockInput
  • NtClose
  • GetStartupInfo

Suggestions are welcome, however please note that OllyDbg2 is not detectable by a lot of the old tricks, so please check

Example: ESI = -1 on startup no longer works as detection, no BPX left on EP ..

I'll try to keep latest release here always as attachment, but you can also check the page for this on my site: http://bob.droppages...s/OllyDbg2/Hyde

Thanks to LCF-AT and Teddy for beta-testing

Have fun!
BoB

Hyde_OD2_Plugin.rar

24.74 KB, 下载次数: 35, 下载积分: 吾爱币 -1 CB

免费评分

参与人数 1热心值 +1 收起 理由
Smallhorse + 1 呵呵!如果是汉化的就更带劲儿了!多谢H大!.

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

Smallhorse 发表于 2011-9-20 14:05
H大的分享!一个字“顶”。。。还是沙发!!
Smallhorse 发表于 2011-9-20 14:11
简单译一下:错误的不要喷哦................
嗨,

前段时间我释放我的第二个插件为OllyDbg2,海德。这个插件是为了隐藏OllyDbg2从Debugee,但允许正常使用的api寻找其他窗口和过程。

也在脑海里颠倒这个补丁选项都可以保存到文件(如Patch-sets易于重装…)
例如,您可以设定一个目标ASProtect补丁,你需要ASProtect并保存到一个文件”ASProtect.SET”。这patch-set文件就可以装在你需要调试ASProtect。
包括在档案为例是一个Patch-Set为V(M)保护1.93 . .

作为OllyDbg2仍然是测试阶段,没有直接的琴弦,OllyDbg2修补代码是做的了,因为那只会导致越来越多的麻烦。最好等到最后的版本,所以补丁做只是为了的api。

第一个版本这些东西了。
PEB.IsDebugged
PEB.NtGlobalFlag
PEB.HeapFlags
NtQueryInformationProcess
NtQuerySystemInformation
NtSetInformationThread
FindWindowA
FindWindowW
FindWindowExA
FindWindowExW
EnumWindows
Process32NextW
OutputDebugStringA
OutputDebugStringW
NtQueryObject
GetTickCount
NtOpenProcess
BlockInput
NtClose
GetStartupInfo


建议是受欢迎的,但是请注意,OllyDbg2不能够被很多老把戏,请核对

例如:应急服务国际公司= 1开机时不再是检测,没有BPX留在EP . .

我会试着把永远在这里当连线最新版本,但你还可以查看网页作在我网站:http://bob.droppages...s/OllyDbg2/Hyde

由于LCF-AT和泰迪为beta-testing

玩得开心!
鲍勃
zhude111 发表于 2013-3-20 12:46
syjzwjj 发表于 2013-11-4 16:12
感谢分享啊!!!
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-26 11:56

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表