Hi Carbon:
I think I tried both files, my compiled build and your release builds, and got the same result. I noted that too when I use IDA: it tries to inject the DLL and it fails too. I have coded a plugin for x64_dbg, so when I use Quote:
Maybe I am doing something wrong. |
Your problem is probably the structure alignment. You must adjust the compiler settings to 1 byte structure alignment.
|
It is already: 1 Byte (/Zp1)
but I use VS 2010 v100, not v120, if that could be a problem!! |
@ahmadmansoor
Fork the scyllahide repo on Bitbucket, then push the plugin as a new project in the solution and I'll have a look and fix up the project.
Edit: Platform toolset isn't a problem. Actually all plugins and the hooklib are built for release with v90 for compatibility reasons, but I do use v100 myself for developing. Also I do use V2010 |
Version 0.9
- All plugins use separate scylla_hide.ini now. ini is interchangeable between plugins! (ini section in ollydbg.ini now deprecated!)
- Load/Save ini profiles in Olly1&2 and IDA plugin
- RunPE malware unpacker
- NtSetInformationProcess Hook in GUI

Please post your special Protector Profiles here. |
Hi Carbon (although I'm used to spell another name.)
Your ScyllaHide does not seem to get along with the OdbgScript. As I related before, with Phantom and StrongOD it is OK to run the script, and with ScyllaHide the script just "goes in the ditch". I think I will review my script and I will send it to you or eXoDia to take a look, along with some unpackmes. :) |
structure alignment of x64_dbg will be forced to 1 byte in the next release.
Greetings |
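The structure-alignment mismatch discussed in the posts above, as an added example that is not part of any post and is not ScyllaHide or x64_dbg code. The record layout, field names and values are hypothetical; it shows what a plugin reads when its struct packing differs from the host's, and a build-time guard that catches it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record a debugger host hands to a plugin (illustrative names). */
#define SETTINGS_FIELDS \
    uint8_t  enabled;   \
    uint32_t flags;     \
    uint16_t version;   \
    uint64_t handle;

#pragma pack(push, 1)                 /* host headers: 1-byte packing, like /Zp1 */
typedef struct { SETTINGS_FIELDS } HostSettings;
#pragma pack(pop)

typedef struct { SETTINGS_FIELDS } PluginSettings;  /* plugin built with default packing */

/* Build-time guard a plugin can carry: compilation fails if packing is wrong. */
_Static_assert(sizeof(HostSettings) == 15, "HostSettings must be 1-byte packed");
_Static_assert(offsetof(HostSettings, flags) == 1, "flags must directly follow enabled");

/* Returns the flags value a mis-packed plugin reads from the host's bytes. */
uint32_t flags_seen_by_mispacked_plugin(uint32_t host_flags)
{
    HostSettings host = { 1, host_flags, 0x0102, 0x1122334455667788ULL };
    unsigned char wire[sizeof(PluginSettings)] = { 0 };
    PluginSettings view;

    memcpy(wire, &host, sizeof host);   /* bytes as the host laid them out */
    memcpy(&view, wire, sizeof view);   /* plugin interprets them with padding */
    return view.flags;                  /* read from offset 4 instead of 1 */
}

/* Same read through the correctly packed declaration. */
uint32_t flags_seen_by_packed_plugin(uint32_t host_flags)
{
    HostSettings host = { 1, host_flags, 0x0102, 0x1122334455667788ULL };
    HostSettings view;

    memcpy(&view, &host, sizeof view);
    return view.flags;
}
```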
Version 1.0
- added sprintf %s Olly1 bugfix to "Fix Olly bugs"
- x64dbg 32/64bit plugins https://bitbucket.org/mrexodia/x64_dbg
- fixed alignment bug 64bit

The default ini contains settings for these protectors:
- VMProtect x86/x64
- Obsidium x86
- Themida x86
- Armadillo x86

Themida/Winlicense x64 will only work with TitanHide |
very nice work! congrats and keep going :)
Generally speaking you are the first who did the x64 plugin for IDA, but I'm starting to test it from x32 as well. Some minor notes so far:
Version 1.0:
1) on Update check http://prntscr.com/3i1484 win xp sp3 eng prof x32 IDA 6.1 x32
2) version.txt inside the archive ScyllaHide_v1.0.rar contains the string "0.9"
3) how to use the feature "RunPE malware unpacker" |
New Version here.
Version 1.1
- Added "thanks" to About
- Added kill anti-attach (for x86 only)
- Olly v1 Plugin: Advanced CTRL+G
- Olly v1 Plugin: Skip "compressed code" message
- Olly v1 Plugin: Ignore bad PE image (WinUPack)
- Olly v1 Plugin: Skip "Load DLL" message

Thanks to MaRKuS-DJM for OllyAdvanced assembler source code.
Check out the new documentation: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHidev1.1Doc.pdf |
Does it support any version of IDA or a specific version?
|
ScyllaHide is tested with IDA Pro 6.1, 6.3 and 6.5.
|
Plugin is running like a charm, and hiding very well.
Would it be possible to add the very nice PDF as tooltips to the combo box, explaining each item, in future versions? I'm using the IDA version. Regards |
@Storm Shadow
I don't think it is necessary to add tooltips. This is a lot of work for a very little usability increase.

@ALL
There is a mistake in the provided Themida configuration!!! You must enable all NtUser* hooks for Themida! This is missing in the standard configuration.

NtUserBuildHwndListHook=1
NtUserFindWindowExHook=1
NtUserQueryWindowHook=1

The Olly v1 plugin was updated with a little olly bugfix. https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHideOllyv1_v1.2.rar
And doc update: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHidev1.2Doc.pdf (e.g. more info about RunPE) |
1 Attachment(s)
Quote:
Check in attach... By the way, maybe someone can help to fill in all the tips. There is only one problem: you've made separate checkBoxes and labels in the dialog template, but need to use only checkBox (Set Caption and Left Text = True). |