05-30-2017, 04:32
sendersu
Hider plugin for Syser

Get:
https://yadi.sk/d/L0UKb6QK3JYPRY
https://www.sendspace.com/file/hwp40a

Steps:
unpack (use same dir levels)
syser_hide.dll -> Plugins,
hide_generic.dll next to the main .exe

Anyone who wants to can use hide_generic.dll in their own projects.
Steps:
as easy as LoadLibrary() and we are cool!
The dll sets up a hook over ZwWaitForDebugEvent() in the debugger process and installs the rest of the hooks and patches memory in the process under debug.

The config is embedded inside the file itself in the following way:
[\x00] - OFF
any other char - ON

Code:
ZwQueryInformationProcess[x]
ZwSetInformationThread[x]
ZwClose[x]
NtGlobalFlag[x]
ProcessHeapFlag[x]
IsDebuggerPresent[x]

enjoy

(c) by Veliant from exelab.ru resource
You can reach him here:
https://exelab.ru/f/index.php?action=userinfo&user=3136
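Added example, not part of the original post or of Veliant's code: a read-only check of which options a given copy of hide_generic.dll has switched on, using the \x00 = OFF / anything else = ON rule from the post. It assumes the six names are stored back to back as ASCII, each immediately followed by its one-byte flag, which the post does not confirm; `read_hide_config` and the sample bytes are constructed for illustration.

```python
import re
import sys

# Option names in the order the post lists them.
OPTIONS = ["ZwQueryInformationProcess", "ZwSetInformationThread", "ZwClose",
           "NtGlobalFlag", "ProcessHeapFlag", "IsDebuggerPresent"]

# ASSUMPTION (not confirmed by the post): the names sit back to back as ASCII,
# each immediately followed by its one-byte flag.
_BLOCK = re.compile(
    b"".join(re.escape(name.encode("ascii")) + b"(.)" for name in OPTIONS),
    re.DOTALL)


def read_hide_config(data):
    """Return {option: (offset_of_flag_byte, enabled)}, or None if no block is found."""
    m = _BLOCK.search(data)
    if m is None:
        return None
    config = {}
    for i, name in enumerate(OPTIONS, start=1):
        # Per the post: \x00 means OFF, any other byte means ON.
        config[name] = (m.start(i), m.group(i) != b"\x00")
    return config


# Constructed sample bytes standing in for the DLL; not taken from the real file.
SAMPLE = (
    b"MZ\x90\x00padding-ZwClose\x00-decoy"  # stray name outside the block
    + b"ZwQueryInformationProcess\x01ZwSetInformationThread1ZwClose\x00"
    + b"NtGlobalFlagxProcessHeapFlag\x00IsDebuggerPresent\xff"
    + b"\x00trailer"
)

if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    cfg = read_hide_config(blob)
    if cfg is None:
        print("option block not found (the layout assumption does not hold)")
    else:
        for name, (offset, enabled) in cfg.items():
            print(f"{name:<26} @0x{offset:06x}  {'ON' if enabled else 'OFF'}")
```

The printed offsets point at the flag bytes themselves, so each result can be cross-checked in a hex viewer before trusting it.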