Thread: ScyllaHide
  #79  
Old 10-05-2016, 13:05
mudlord
I did some testing.

https://github.com/x64dbg/ScyllaHide/issues/2

Seems there are junk bytes at Win10 Anniversary's NtQueryInformationProcess call, as well as a different signature. The code leading to the gateway is a JMP to the jmp (so two jmps) to the gateway, whereas Win8.1 is a simple jmp. More details are at that issue link.

Quote:
Originally Posted by Kla$
Please fix bug on update Windows 10 in ollydbg1 and ollydbg2
thank you in advance

---------------------------
Error
---------------------------
Windows 10 SysWowSpecialJmpAddress was not found!
---------------------------
ОК
---------------------------

---------------------------
ERROR
---------------------------
Unknown syscall structure!
---------------------------
ОК
---------------------------
That bug I managed to fix, but I haven't checked the remaining ones. There were also changes for 3 APIs that are enough for Obsidium and Themida targets to be detected. So far, for me, I managed to get VMP debugged.

Last edited by mudlord; 10-06-2016 at 05:58.