ScyllaHide

风吹屁屁凉

ScyllaHide is an open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various
functions in usermode to hide debugging. This will stay usermode! For kernelmode hooks use
TitanHide.



------------------------------------------------------

Debugger Hiding:
- PEB - BeingDebugged, NtGlobalFlag, Heap Flags
- NtSetInformationThread - ThreadHideFromDebugger
- NtQuerySystemInformation - SystemKernelDebuggerInformation, SystemProcessInformation
- NtQueryInformationProcess - ProcessDebugFlags, ProcessDebugObjectHandle, ProcessDebugPort, ProcessBasicInformation
- NtQueryObject - ObjectTypesInformation, ObjectTypeInformation
- NtYieldExecution
- NtSetDebugFilterState
- NtUserBuildHwndList
- NtUserFindWindowEx
- NtUserQueryWindow
- NtClose
- GetTickCount
- BlockInput
- OutputDebugStringA

Protecting and Stealthing DRx (Hardware Breakpoints):
- NtGetContextThread
- NtSetContextThread
- KiUserExceptionDispatcher (only x86)
- NtContinue (only x86)

------------------------------------------------------

Usage standalone (debugger-independent):
InjectorCLI.exe <process name> <HookLibrary.dll path>

For example:
InjectorCLI.exe crackme.exe C:\HookLibrary.dll

------------------------------------------------------

Plugins:
- for TitanEngine: Copy HookLibrary.dll and ScyllaHide.dll to plugins\x86\ or plugins\x64\
(can be combined with TitanHide which does kernelmode hiding)
- for OllyDbg v1.10: Copy HookLibrary.dll and ScyllaHide.dll to your plugins directoy
- for OllyDbg v2.01: Copy HookLibrary.dll and ScyllaHide.dll to your plugins directoy

------------------------------------------------------

ToDo:
- x64 compatibility support
- x64 Exception Support
- Better (stealth) hooks

------------------------------------------------------

NOTE: You need to put NtApiCollection.ini in the same directory as ScyllaHide.dll or the following hooks will not
work: NtUserQueryWindow, NtUserBuildHwndList, NtUserFindWindowEx

Info about NtApiCollection.ini:
Some Nt* WINAPI functions are not exported by a DLL, so it is necessary to get the function adresses
from another source. The other source is the PDB file. The adresses can be resolved with this tool:
https://bitbucket.or...-getprocaddress
It will download the PDB file from the Microsoft server to resolve the missing function adresses.
Binaries: NtApiTool.rar

From：https://forum.tuts4you.com/files/file/939-scyllahide/#

无邪

虽然完全看不懂,不知道干什么用的,还是先支持一下楼主

w.g

好东西 先收下

Kido

这个还是很好用的。

a779863081

下载了 谢谢了哦 可惜是E文的