ScyllaHide

ScyllaHide是一個(gè)開(kāi)源的x64/ x86的用戶模式防反調(diào)試庫(kù)。它的各種掛鉤在用戶模式功能隱藏調(diào)試。這將保持用戶模式！對(duì)于內(nèi)核模式掛鉤使用TitanHide。

這個(gè)插件感覺(jué)蠻好用的
自定義配置文件
針對(duì)不同的殼做不同的設(shè)置  
插件已配置好
VMProtect x86/x64
ThemIDA x86
Obsidium x86
Armadillo x86
OllyDbg v1

OllyDbg v2

IDA

x64_dbg

Debugger Hiding:

- PEB - BeingDebugged, NtGlobalFlag, Heap Flags

- NtSetInformationThread - ThreadHideFromDebugger

- NtQuerySystemInformation - SystemKernelDebuggerInformation, SystemProcessInformation

- NtQueryInformationProcess - ProcessDebugFlags, ProcessDebugObjectHandle, ProcessDebugPort, ProcessBasicInformation

- NtQueryObject - ObjectTypesInformation, ObjectTypeInformation

- NtYieldExecution

- NtSetDebugFilterState

- NtUserBuildHwndList

- NtUserFindWindowEx

- NtUserQueryWindow

- NtClose

- GetTickCount

- BlockInput

- OutputDebugStringA

Protecting and Stealthing DRx (Hardware Breakpoints):

- NtGetContextThread

- NtSetContextThread

- KiUserExceptionDispatcher (only x86)

- NtContinue (only x86)

------------------------------------------------------

Usage standalone (debugger-independent):

InjectorCLI.exe <process name> <HookLibrary.dll path>

For example:

InjectorCLI.exe crackme.exe C:\HookLibrary.dll

------------------------------------------------------

Plugins:

- for TitanEngine: Copy HookLibrary.dll and ScyllaHide.dll to plugins\x86\ or plugins\x64\

(can be combined with TitanHide which does kernelmode hiding)

- for OllyDbg v1.10: Copy HookLibrary.dll and ScyllaHide.dll to your plugins directoy

- for OllyDbg v2.01: Copy HookLibrary.dll and ScyllaHide.dll to your plugins directoy