Forums
-
Community Links
-
Terms, Privacy Policy & Frequently Asked Questions (244,607 visits to this link)
-
-
Community Discussions
-
- 2.3k
- posts
-
-
Developers Forums
-
- 12.6k
- posts
-
- 417
- posts
-
- The Free Programming E-Books Topic
- By Progman,
-
- 927
- posts
-
- help for macOs protector
- By khodam,
-
-
Reverse Code Engineering
-
- 14.6k
- posts
-
- 229
- posts
-
- 452
- posts
-
- Get past an Incapsula block HTTP request
- By Progman,
-
- 1.7k
- posts
-
- powershell script
- By TeRcO,
-
- 2.5k
- posts
-
- Revteam Reverse Engineering Collection
- By Redstarx,
-
- 197
- posts
-
-
Community Projects
-
- 506
- posts
-
- Scylla Imports Reconstruction Source
- By Progman,
-
- 1.3k
- posts
-
- How to use x64dbgida plugin
- By neomkingdom,
-
- 148
- posts
-
- 820
- posts
-
- Driver doesn't want to start
- By Progman,
-
-
Member Statistics
25,233
Total Members7,713
Most Online
Newest Member
tortur
Joined
-
Posts
-
By boot · Posted
I have also released a simple demo version plugin. This is a protected example. -
By jackyjask · Posted
time to add new anti-dbg trick into ScyllaHide plugin !?!? -
By lengyue · Posted
You are wonderful. -
By karan · Posted
Among the anti-debug techniques, there's an interesting one worth noting. A dummy thread is created and then it calls Sleep(0x32). (The goal is for the created thread to be detected by tools like x64dbg.) Then, it calls NtQueryObject with the ObjectBasicInformation class using the thread handle. If the returned HandleCount is greater than 1, it determines that debugging is in progress. void dummy() { Sleep(8000); } bool CheckCreateThreadHandleCount() { HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)dummy, NULL, 0, NULL); if (hThread == NULL) { return false; } Sleep(0x32); PUBLIC_OBJECT_BASIC_INFORMATION objInfo; NTSTATUS status = NtQueryObject(hThread, ObjectBasicInformation, &objInfo, sizeof(objInfo), NULL); if (!NT_SUCCESS(status)) { CloseHandle(hThread); return false; } std::cout << "Handle Count: " << objInfo.HandleCount << std::endl; if (objInfo.HandleCount > 1) { CloseHandle(hThread); return true; } CloseHandle(hThread); return false; } -
By lovejoy226 · Posted
Not a debugger? Regards. sean.
-
-
Popular Contributors
-
1
Asadkhan
14 -
2
lovejoy226
14 -
3
jackyjask
13 -
4
14yoKID
11 -
5
whoknows
6
-
-
Files
-
-
File Comments
-
By Teerayoot · Posted
1.43 +fix pass command line in Manual Map option. +check old byte before patch (1337 file) +detect x86 or x64 file image if not same exe will crash. Remote Process Injector1.43.zip -
-
By Teerayoot · Posted
release 1.42 +support x86 injection(LdrLoadDll) +fix bug(load patch file) Remote Process Injector1.42.rar -
By Teerayoot · Posted
I released new version to 1.4 +dlll manual map +random tittle name .Remote Process Injector1.4.zip -
By Teerayoot · Posted
This prog allow code to execute at main exe entry point. I suspect others load dll that dll not get execute first. Also others maybe free x86 not x64 .
-
-
Tell a friend
