Exetools  

Go Back   Exetools > General > Community Tools
Reload this Page DbgHook plugin for Olly 2.1 hooks the classics functions used for antidebug��s tricks
Register Forum Rules FAQ Calendar

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-31-2015, 21:47
sh3dow sh3dow is offline
Family
  
Join Date: Oct 2014
Posts: 158
Rept. Given: 113
Rept. Rcvd 79 Times in 24 Posts
Thanks Given: 461
Thanks Rcvd at 202 Times in 75 Posts
sh3dow Reputation: 79
Talking DbgHook plugin for Olly 2.1 hooks the classics functions used for antidebug��s tricks
DbgHook is plugin for Olly 2.1 that hooks the classics functions used for antidebug's tricks, the driver is for Windows 7 x64 (tested on build 7600.16385.1), so for running it need to be registered and PatchGuard disabled (you can use tools like DSEO).
the plugin lets you control the following options:
-Flags
-Time (dynamic fake time,it freeze process's timers when you stop the execution,you can also chose a time's multiplication factor for clocks and RDTSC)
-Windows (hides Olly's window to debugged process)
-NtQuerySystemInformation
-NtSetDebugFilterState
-NtQueryInformationProcess
-NtOpenProcess
-NtClose
-NtUserBlockInput
-OutputDebugString
-NtTerminateProcess
-NtQueryInformationThread
-NtSetInformationThread
-Driver's name

the plugin by walter1945 from _https://quequero.org

from attachment(with builds and sources)
Attached Files
File Type: rar DbgHook.rar (142.8 KB, 41 views)
Last edited by sh3dow; 01-31-2015 at 21:55.
Reply With Quote
The Following 7 Users Gave Reputation+1 to sh3dow For This Useful Post:
an0rma1 (02-02-2015), b30wulf (01-31-2015), emo (02-01-2015), Hypnz (02-01-2015), mr.exodia (02-01-2015), rooky2000 (01-31-2015), uel888 (02-01-2015)
  #2  
Old 02-01-2015, 08:26
mr.exodia mr.exodia is offline
Retired Moderator
  
Join Date: Nov 2011
Posts: 783
Rept. Given: 490
Rept. Rcvd 1,123 Times in 305 Posts
Thanks Given: 89
Thanks Rcvd at 716 Times in 333 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
the code is very hacked and uncommented, but it looks like a nice thing
Reply With Quote
  #3  
Old 02-01-2015, 19:30
sh3dow sh3dow is offline
Family
  
Join Date: Oct 2014
Posts: 158
Rept. Given: 113
Rept. Rcvd 79 Times in 24 Posts
Thanks Given: 461
Thanks Rcvd at 202 Times in 75 Posts
sh3dow Reputation: 79
Quote:
Originally Posted by mr.exodia View Post
the code is very hacked and uncommented, but it looks like a nice thing
Yes, and as he wrote
I also decided to publish the source for two reason:
-I'm not a good programmer so other people like me can learn how this tools works and how build a similar.
-I hope other people of comunity contribute adding or improving the plugin.
Reply With Quote
Reply

Tags
ollydbg plugins, ollydbg2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
unlinker IDA - an IDA plugin for extracting functions from a PE file for later reuse jonwil Community Tools 9 02-26-2022 04:48


All times are GMT +8. The time now is 07:07.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )