#31
Hi Carbon:
I think I tried both files, my compiled build and your release builds, and got the same result. I also noted that when I use IDA it tries to inject the DLL and it fails too. I have coded a plugin for x64_dbg, so when I use Quote:
Maybe I am doing something wrong.
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX |
#32
Your problem is probably the structure alignment. You must adjust the compiler settings to 1 byte structure alignment.
__________________
My blog: https://ntquery.wordpress.com |
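An added example of the failure mode described in the post above, not code from this thread or from ScyllaHide or x64_dbg: the same record is declared once with 1-byte packing and once with default alignment, and a reader using the wrong layout gets a different value from the same bytes. The struct and its field names are hypothetical, and the sizes assume an x86-64 little-endian build with GCC, Clang or MSVC.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical exchange record shared by a host and its plugin.
   Field names are assumptions, not ScyllaHide's or x64_dbg's real layout. */
#define EXCHANGE_FIELDS \
    uint8_t  enabled;   \
    uint32_t pid;       \
    uint64_t hook_base; \
    uint16_t flags;

/* Host side: 1-byte packing, the layout /Zp1 or pack(1) produces. */
#pragma pack(push, 1)
typedef struct { EXCHANGE_FIELDS } ExchangePacked;
#pragma pack(pop)

/* Plugin side built with the compiler's default alignment. */
typedef struct { EXCHANGE_FIELDS } ExchangeDefault;

/* Guard for the shared header: the build fails if packing is not 1 byte. */
_Static_assert(sizeof(ExchangePacked) == 15, "exchange struct must be packed to 1 byte");

size_t packed_size(void)        { return sizeof(ExchangePacked); }
size_t default_size(void)       { return sizeof(ExchangeDefault); }
size_t packed_pid_offset(void)  { return offsetof(ExchangePacked, pid); }
size_t default_pid_offset(void) { return offsetof(ExchangeDefault, pid); }

/* The host writes a packed record (constructed sample values); a plugin with
   the default layout reads the same bytes and gets a different pid. */
uint32_t pid_seen_by_mismatched_reader(uint32_t real_pid)
{
    unsigned char buf[sizeof(ExchangeDefault)] = {0};
    ExchangePacked out = { 1, real_pid, 0x7ff612340000ULL, 0x0003 };
    ExchangeDefault in;

    memcpy(buf, &out, sizeof out);
    memcpy(&in, buf, sizeof in);
    return in.pid;
}

int main(void)
{
    printf("size packed=%zu default=%zu\n", packed_size(), default_size());
    printf("pid offset packed=%zu default=%zu\n", packed_pid_offset(), default_pid_offset());
    printf("pid written=4660 read=%u\n", (unsigned)pid_seen_by_mismatched_reader(4660));
    return 0;
}
```

Putting the `_Static_assert` in the header that both sides include turns a silent layout mismatch into a build error.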
#33
It is already 1 byte (/Zp1),
but I use VS 2010 v100, not v120, if that could be a problem!!
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX |
#34
@ahmadmansoor
Fork the scyllahide repo on bitbucket, then push the plugin as a new project in the solution and I'll have a look and fix up the project.
Edit: platform toolset isn't a problem. Actually all plugins and the hooklib are built for release with v90 for compatibility reasons, but I do use v100 myself for developing. Also I do use V2010.
Last edited by cypher; 05-07-2014 at 02:27.
#35
Version 0.9
- All plugins use separate scylla_hide.ini now. ini is interchangeable between plugins! (ini section in ollydbg.ini now deprecated!)
- Load/Save ini profiles in Olly1&2 and IDA plugin
- RunPE malware unpacker
- NtSetInformationProcess Hook in GUI
Please post your special Protector Profiles here.
__________________
My blog: https://ntquery.wordpress.com |
#36
Hi Carbon (although I'm used to spelling another name.)
Your ScyllaHide does not seem to get along with the OdbgScript. As I related before, with Phantom and StrongOD it is OK to run the script, and with ScyllaHide the script just "goes in the ditch". I think I will review my script and I will send it to you or eXoDia to take a look, along with some unpackmes.
#37
Structure alignment of x64_dbg will be forced to 1 byte in the next release.
Greetings
#38
Version 1.0
- added sprintf %s Olly1 bugfix to "Fix Olly bugs"
- x64dbg 32/64bit plugins https://bitbucket.org/mrexodia/x64_dbg
- fixed alignment bug 64bit
The default ini contains settings for these protectors:
- VMProtect x86/x64
- Obsidium x86
- Themida x86
- Armadillo x86
Themida/Winlicense x64 will only work with TitanHide
__________________
My blog: https://ntquery.wordpress.com |
#39
Very nice work! Congrats and keep going.
Generally speaking you are the first who did the x64 plugin for IDA, but I'm starting to test it from x32 as well. Some minor notes so far:
Version 1.0:
1) on Update check http://prntscr.com/3i1484 win xp sp3 eng prof x32 IDA 6.1 x32
2) version.txt inside the archive ScyllaHide_v1.0.rar contains the string "0.9"
3) how to use the feature "RunPE malware unpacker"
#40
New Version here.
Version 1.1
- Added "thanks" to About
- Added kill anti-attach (for x86 only)
- Olly v1 Plugin: Advanced CTRL+G
- Olly v1 Plugin: Skip "compressed code" message
- Olly v1 Plugin: Ignore bad PE image (WinUPack)
- Olly v1 Plugin: Skip "Load DLL" message
Thanks to MaRKuS-DJM for OllyAdvanced assembler source code.
Check out the new documentation: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHidev1.1Doc.pdf
__________________
My blog: https://ntquery.wordpress.com |
#41
Does it support any version of IDA or specific version ?
#42
ScyllaHide is tested with IDA Pro 6.1, 6.3 and 6.5.
__________________
My blog: https://ntquery.wordpress.com |
#43
Plugin is running like a charm, and hiding very well.
Would it be possible to add the very nice pdf as tooltips to the combo box, explaining each item, in future versions? I'm using the IDA version.
Regards
#44
@Storm Shadow
I don't think it is necessary to add tooltips. This is a lot of work for a very little usability increase.
@ALL
There is a mistake in the provided Themida configuration!!! You must enable all NtUser* hooks for Themida! This is missing in the standard configuration.
NtUserBuildHwndListHook=1
NtUserFindWindowExHook=1
NtUserQueryWindowHook=1
The Olly v1 plugin was updated with a little olly bugfix. https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHideOllyv1_v1.2.rar
And doc update: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHidev1.2Doc.pdf (e.g. more info about RunPE)
__________________
My blog: https://ntquery.wordpress.com |
#45
Quote:
Check in attach... By the way, maybe someone can help to fill in all the tips. There is only one problem: you've made separate checkBoxes and labels in the dialog template, but need to use only checkBox (Set Caption and Left Text = True).
Last edited by UniSoft; 08-22-2014 at 07:55.