ScyllaHide

Storm Shadow · #1 08-31-2016, 01:51

Little update

after crash with ida and after debugging it.
it seem to make a x64 hook first in a x86 app and idaserverx86
and some more problems

1 bug)
it crashes cause it attempts to make x64 connection in a x86 app

fails on

Code:

IDAServerx86.exe!DetourCreateRemoteNativeSysWow64(void * hProcess, void * lpFuncOrig, void * lpFuncDetour, bool createTramp, unsigned long * backupSize)  Line 356 + 0x5 bytes

but not on

Code:

 IDAServerx86.exe!DetourCreateRemoteNative32(void * hProcess, void * lpFuncOrig, void * lpFuncDetour, bool createTramp, unsigned long * backupSize)  Line 532 + 0x1a bytes  C++

i forwarded line 350-354 for spaces
https://github.com/x64dbg/ScyllaHide...k.cpp#L350-354
Not sure why , but i am a python guy.
It seems to jump to x86 hook insteed of the x64, but a smart person told me that it should not matter in c++.

suggestions:
Maybe dev should use

Code:

If __EA64__ 
    call x64

else:
    call x86

2 bug)
also i saw port access violation

In win 10 even if you have a firewall you bought you have to open ports in the internal win 10 one, even if disabled.
in start menu type WF.msc open udp-tcp port 1337.

3 bug)
and for fixing the structure error for now
untick NTQueryInformationprocess in scyllahide settings

result

Code:

Listening on port 1337...
Accepted Client 1
[ScyllaHide] Hook Injection successful, Imagebase 001D0000

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
ScyllaHide HookLibraryx86.dll	phroyt	General Discussion	3	10-25-2019 09:48
ScyllaHide Detector	Lueilwitz	Source Code	2	08-07-2019 06:32

The Following User Gave Reputation+1 to Storm Shadow For This Useful Post:
niculaita (08-31-2016)

The Following User Says Thank You to Storm Shadow For This Useful Post:
niculaita (08-31-2016)