Exetools  

  #1  
Old 01-31-2015, 21:47
sh3dow
DbgHook plugin for Olly 2.1 hooks the classic functions used for antidebug's tricks

DbgHook is a plugin for Olly 2.1 that hooks the classic functions used for antidebug's tricks. The driver is for Windows 7 x64 (tested on build 7600.16385.1), so to run it, it needs to be registered and PatchGuard disabled (you can use tools like DSEO).
The plugin lets you control the following options:
- Flags
- Time (dynamic fake time: it freezes the process's timers when you stop the execution; you can also choose a time multiplication factor for clocks and RDTSC)
- Windows (hides Olly's window from the debugged process)
- NtQuerySystemInformation
- NtSetDebugFilterState
- NtQueryInformationProcess
- NtOpenProcess
- NtClose
- NtUserBlockInput
- OutputDebugString
- NtTerminateProcess
- NtQueryInformationThread
- NtSetInformationThread
- Driver's name

The plugin is by walter1945 from _https://quequero.org

From attachment (with builds and sources)
Attached Files
File Type: rar DbgHook.rar (142.8 KB, 41 views)

Last edited by sh3dow; 01-31-2015 at 21:55.
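
The Time option described in the post above, modelled as an added example (not code from DbgHook or its author): a virtual clock that stops advancing while the target is stopped in the debugger and scales elapsed time by a factor. All names and tick values are constructed for illustration; the page does not show how the driver itself implements this.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical model; field and function names are not taken from DbgHook. */
typedef struct {
    uint64_t base;         /* real tick at which faking started          */
    uint64_t paused_total; /* real ticks spent stopped in the debugger   */
    uint64_t pause_start;  /* real tick of the current stop (if paused)  */
    int      paused;
    uint32_t num, den;     /* multiplication factor num/den              */
} fake_clock;

void fc_init(fake_clock *c, uint64_t real_now, uint32_t num, uint32_t den) {
    c->base = real_now; c->paused_total = 0; c->pause_start = 0;
    c->paused = 0; c->num = num; c->den = den;
}

/* Debugger stops the target: remember when, so reads stay frozen. */
void fc_pause(fake_clock *c, uint64_t real_now) {
    if (!c->paused) { c->pause_start = real_now; c->paused = 1; }
}

/* Target resumes: the whole stop is subtracted from future reads. */
void fc_resume(fake_clock *c, uint64_t real_now) {
    if (c->paused) { c->paused_total += real_now - c->pause_start; c->paused = 0; }
}

/* Value handed to the target instead of the real counter. */
uint64_t fc_read(const fake_clock *c, uint64_t real_now) {
    uint64_t t = c->paused ? c->pause_start : real_now;
    uint64_t running = t - c->base - c->paused_total;
    return c->base + running * c->num / c->den;
}

/* Constructed scenario: the target times a region that contains a breakpoint. */
uint64_t demo_delta(uint32_t num, uint32_t den) {
    fake_clock c;
    fc_init(&c, 1000, num, den);
    uint64_t t0 = fc_read(&c, 1100);   /* first timestamp             */
    fc_pause(&c, 1150);                /* breakpoint hit              */
    fc_resume(&c, 901150);             /* resumed 900000 ticks later  */
    uint64_t t1 = fc_read(&c, 901200); /* second timestamp            */
    return t1 - t0;                    /* real delta would be 900100  */
}

int main(void) {
    printf("x1: %llu  x1/4: %llu\n", (unsigned long long)demo_delta(1, 1),
           (unsigned long long)demo_delta(1, 4));
    return 0;
}
```

With the stop subtracted, the measured interval reflects only the ticks the target actually ran, and a factor below 1 shrinks it further to absorb single-stepping overhead.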
  #2  
Old 02-01-2015, 08:26
mr.exodia
the code is very hacked and uncommented, but it looks like a nice thing
  #3  
Old 02-01-2015, 19:30
sh3dow
Quote:
Originally Posted by mr.exodia
the code is very hacked and uncommented, but it looks like a nice thing

Yes, and as he wrote:
I also decided to publish the source for two reasons:
- I'm not a good programmer, so other people like me can learn how this tool works and how to build a similar one.
- I hope other people of the community contribute by adding to or improving the plugin.
Tags
ollydbg plugins, ollydbg2
