#16
Problem solved.
After downloading the symbols, we need to use pdb-getprocaddress to get three addresses. In my system, they are...
[060200000109_x86_000162F9]
NtUserQueryWindow=00009965
NtUserBuildHwndList=0000FBB1
NtUserFindWindowEx=0000804C
#17
Thanks ZeNiX, I added it here:
https://bitbucket.org/NtQuery/pdb-getprocaddress/commits/8ac27b0c21d3df3b95e775afff24ad993fc492d8
If somebody wants to share his config, please do it.
__________________
My blog: https://ntquery.wordpress.com
#18
Here's mine:
[060200000100_x86_00025FBF]
NtUserQueryWindow=00008CC1
NtUserBuildHwndList=00011DC3
NtUserFindWindowEx=00007757
NtUserInternalGetWindowText=0000CC60
NtUserGetClassName=00008CE3
The Following User Gave Reputation+1 to DMichael For This Useful Post:
Dreamer (04-16-2014)
#19
Version 0.3
- Fix for Olly plugins caption reset
- Fix STARTUPINFO structure, GetStartupInfoA/W
- Resume/Suspend all Threads in Thread window
- x64 compatibility mode for Olly1
- fix PE-Bugs for Olly1
- fix FPU-Bug for Olly1
- split "Protect DRx" into its options (ini option ProtectDRx now deprecated)
- Fix PEB Patch bug, now Themida works on WinXP

Binary: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHide_v0.3.rar
Source: https://bitbucket.org/NtQuery/scyllahide/
The Following 4 Users Gave Reputation+1 to Carbon For This Useful Post:
#20
Version 0.4
- Olly v1/v2 Plugins: Apply hooks without restarting
- Olly v1 Plugin: Added "Break on TLS"

https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHide_v0.4.rar
The Following User Gave Reputation+1 to Carbon For This Useful Post:
zeuscane (04-21-2014)
#21
Thank you for the binary release. I've got the source via GitHub and I'm building my own "nightlies" - was this built in VS2008 or VS2010? It isn't native to 2012 or 2013.
#22
I'm building with VS2010. Since the platform toolset is set to v90, you either need to have VS2008 express installed to get that toolset or you simply change toolset to v100.
We use v90 on purpose to guarantee max compatibility on older systems but for testing, v100 is just fine.
#23
Version 0.5
- NtCreateThreadEx hook
- Prevent Thread creation (special hook for some protectors like Execryptor. Only use this if you know what you do)
- Split Hide PEB into 4 options (ini option PEB now deprecated)
- Inject DLL option added (2 methods)
- Replaced Olly2 dialog
- Improved "Break on TLS"

Download: you know where
#24
Version 0.7
- IDA 64bit plugin
- IDA 32/64bit remote server
- IDA DLL Injection
- IDA option to start x64 server automatically
#25
Version 0.8
- Olly v1 Plugin: option "Skip EP outside of code message"
- Fix for NtSetInformationProcess -> ProcessHandleTracing
- All plugins: Update-Check
- Timing Hooks: GetTickCount, GetTickCount64, GetLocalTime, GetSystemTime, NtQuerySystemTime, NtQueryPerformanceCounter
- "Remove Debug Privileges" added
#26
@cypher
Is it possible to add IO hooks support too, so DeviceIoControlFile?
#27
@besoeso
How does this work? Antidebug with DeviceIoControlFile? Do you have example code?
#28
Congrats mate...
I have tested today with a VMProtect target and to my real surprise it works flawlessly.
Offtopic: Just don't forget the Scylla 0.9.6b problem that I have reported of Themida nnpack in tuts4you. See ya!
#29
x64 needs more tests
Hi Carbon
I have made some more checks on x64. I keep getting ((Warning wrong struct size 504 != 396)) or the HookLibraryx64.dll not being injected. By the way, what is the use of: Quote:
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX
#30
Quote:
Quote: