Thread: ScyllaHide
Post #77, 08-31-2016, 01:51
Storm Shadow
Little update

After a crash with IDA and after debugging it:
it seems to make an x64 hook first in an x86 app and idaserverx86,
and some more problems.

1 bug)
It crashes because it attempts to make an x64 connection in an x86 app.

fails on
Code:
IDAServerx86.exe!DetourCreateRemoteNativeSysWow64(void * hProcess, void * lpFuncOrig, void * lpFuncDetour, bool createTramp, unsigned long * backupSize)  Line 356 + 0x5 bytes
but not on

Code:
 IDAServerx86.exe!DetourCreateRemoteNative32(void * hProcess, void * lpFuncOrig, void * lpFuncDetour, bool createTramp, unsigned long * backupSize)  Line 532 + 0x1a bytes  C++
I forwarded line 350-354 for spaces
https://github.com/x64dbg/ScyllaHide...k.cpp#L350-354
Not sure why, but I am a Python guy.
It seems to jump to the x86 hook instead of the x64, but a smart person told me that it should not matter in C++.

suggestions:
Maybe dev should use

Code:
#ifdef __EA64__
    // call x64
#else
    // call x86
#endif

2 bug)
Also I saw a port access violation.

In Win 10, even if you have a firewall you bought, you have to open ports in the internal Win 10 one, even if disabled.
In the Start menu type WF.msc and open UDP-TCP port 1337.

3 bug)
And for fixing the structure error for now,
untick NtQueryInformationProcess in the ScyllaHide settings.

result
Code:
Listening on port 1337...
Accepted Client 1
[ScyllaHide] Hook Injection successful, Imagebase 001D0000
Last edited by Storm Shadow; 08-31-2016 at 02:24.
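The firewall step from the post above (opening port 1337 in WF.msc), as an added PowerShell example that is not part of the original post or of ScyllaHide. It allows the port only from one debugger machine rather than from any address; the address `192.0.2.10`, the rule names and the choice of the Private profile are assumptions to adjust.

```powershell
#Requires -RunAsAdministrator
# Added example: scoped inbound rules for the debug server port named in the post (1337).
param(
    [string]$DebuggerHost = '192.0.2.10',   # assumed address of the machine running IDA (placeholder)
    [int]$Port = 1337                       # port shown in the post's server output
)

foreach ($proto in 'TCP', 'UDP') {
    $name = "IDA debug server $proto $Port"   # hypothetical rule name

    # Re-running the script replaces the rule instead of stacking duplicates.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Allow the port only from the debugger host and only on Private networks
    # (assumption: the lab network is classified as Private).
    New-NetFirewallRule -DisplayName $name `
        -Direction Inbound -Action Allow `
        -Protocol $proto -LocalPort $Port `
        -RemoteAddress $DebuggerHost `
        -Profile Private | Out-Null
}

# Show what is now allowed, with the port and address filters attached to each rule.
Get-NetFirewallRule -DisplayName 'IDA debug server*' | ForEach-Object {
    $portFilter = $_ | Get-NetFirewallPortFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Enabled  = $_.Enabled
        Protocol = $portFilter.Protocol
        Port     = $portFilter.LocalPort
        Remote   = $addrFilter.RemoteAddress
        Profile  = $_.Profile
    }
} | Format-Table -AutoSize
```

Removing the two rules with `Remove-NetFirewallRule -DisplayName 'IDA debug server*'` after the debugging session closes the port again.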