Exetools  

Go Back   Exetools > General > Community Tools
Reload this Page ScyllaHide
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 05-07-2014, 01:33
ahmadmansoor's Avatar
ahmadmansoor ahmadmansoor is offline
Coder
  
Join Date: Feb 2006
Location: Syria
Posts: 1,047
Rept. Given: 517
Rept. Rcvd 374 Times in 142 Posts
Thanks Given: 380
Thanks Rcvd at 416 Times in 119 Posts
ahmadmansoor Reputation: 300-399 ahmadmansoor Reputation: 300-399 ahmadmansoor Reputation: 300-399 ahmadmansoor Reputation: 300-399
Hi Carbon :
I think I try both file my compiled and ur release builds .and same result.
I note that too when I use IDA it try to inject the dll and it fail too .
I have code Plugin for x64_dbg.
so when I use
Quote:
if (specialPebFix)
{
StartFixBeingDebugged(ProcessId, false);
specialPebFix = false;
}

if (PLUG_CB_DEBUGEVENTx->DebugEvent->u.LoadDll.lpBaseOfDll == hNtdllModule)
{
StartFixBeingDebugged(ProcessId, true);
specialPebFix = true;
}
after cbCB_DEBUGEVENT ,so if we use it the debugger will catched .
maybe I do something wrong .
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
Reply With Quote
  #2  
Old 05-07-2014, 02:03
Carbon Carbon is offline
VIP
  
Join Date: Sep 2013
Posts: 113
Rept. Given: 7
Rept. Rcvd 189 Times in 48 Posts
Thanks Given: 0
Thanks Rcvd at 60 Times in 19 Posts
Carbon Reputation: 100-199 Carbon Reputation: 100-199
Your problem is probably the structure alignment. You must adjust the compiler settings to 1 byte structure alignment.
__________________
My blog: https://ntquery.wordpress.com
Reply With Quote
  #3  
Old 08-17-2014, 02:00
Carbon Carbon is offline
VIP
  
Join Date: Sep 2013
Posts: 113
Rept. Given: 7
Rept. Rcvd 189 Times in 48 Posts
Thanks Given: 0
Thanks Rcvd at 60 Times in 19 Posts
Carbon Reputation: 100-199 Carbon Reputation: 100-199
New Version here.

Version 1.1
- Added "thanks" to About
- Added kill anti-attach (for x86 only)
- Olly v1 Plugin: Advanced CTRL+G
- Olly v1 Plugin: Skip "compressed code" message
- Olly v1 Plugin: Ignore bad PE image (WinUPack)
- Olly v1 Plugin: Skip "Load DLL" message

Thanks to MaRKuS-DJM for OllyAdvanced assembler source code.

Check out the new documentation: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHidev1.1Doc.pdf
__________________
My blog: https://ntquery.wordpress.com
Reply With Quote
The Following 11 Users Gave Reputation+1 to Carbon For This Useful Post:
Artic (08-18-2014), besoeso (08-17-2014), emo (08-17-2014), Insid3Code (08-17-2014), kienmanowar (08-19-2014), mr.exodia (08-17-2014), quygia128 (08-18-2014), Storm Shadow (08-17-2014), uranus64 (08-17-2014), xtiaoshi (08-17-2014), Zipdecode (08-17-2014)
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ScyllaHide HookLibraryx86.dll phroyt General Discussion 3 10-25-2019 09:48
ScyllaHide Detector Lueilwitz Source Code 2 08-07-2019 06:32


All times are GMT +8. The time now is 13:52.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )