Tuts 4 You

About This File

This little tool has 2 buttons.

1. The first, "Hide", hooks the IsDebuggerPresent API and makes it useless against debuggers. The Armadillo software protection system is owned by this trick! After hiding your debugger, you can restore the original version of the API by clicking the button again; its caption will have changed to "Un-Hide".

2. The second button lets you activate breakpoints on Windows APIs in OllyDbg under 9x systems, something that was previously impossible. Caution: it makes your Kernel32 in memory WRITEABLE, so a simple line of code can kill your most basic Windows functions until the next reboot.

After setting breakpoints with OllyDbg, if you are not sure your Kernel is clean, you can fix the first byte of all the APIs by clicking "Fix". A message box then appears, asking whether you want to COMPLETELY clean your Kernel. If you answer YES, you will be able to execute ALL applications, including the no-imports ones.

If you answer NO, you will be able to re-fix your Kernel whenever you want, until you click YES.

All these tricks keep working even if you close OllyGHOST. It detects whether the breakpoints are enabled or IsDebuggerPresent is hooked, and initializes itself accordingly.
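Both features leave modified bytes at the start of API code in memory, which is what an integrity check looks for. The following is an added example, not part of OllyGHOST or the original page: it compares each function's in-memory prologue with the bytes from the file on disk and classifies the difference. The names `api_sample`, `classify` and `count_modified` are hypothetical, and the sample bytes are constructed rather than dumped from a real kernel32.dll.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PROLOGUE_LEN 8 /* bytes compared per function (assumed window) */
enum patch_kind { CLEAN, INT3_FIRST_BYTE, JMP_DETOUR, OTHER_PATCH };
struct api_sample {
    const char *name;
    unsigned char disk[PROLOGUE_LEN]; /* bytes from the file on disk */
    unsigned char mem[PROLOGUE_LEN];  /* bytes read from the loaded module */
};

/* Constructed sample bytes, not dumped from a real kernel32.dll. */
static const struct api_sample SAMPLES[] = {
    { "IsDebuggerPresent", {0x64,0xA1,0x18,0x00,0x00,0x00,0x8B,0x40},
                           {0xE9,0x10,0x20,0x30,0x00,0x00,0x8B,0x40} },
    { "CreateFileA",       {0x55,0x8B,0xEC,0x83,0xEC,0x10,0x53,0x56},
                           {0xCC,0x8B,0xEC,0x83,0xEC,0x10,0x53,0x56} },
    { "ReadFile",          {0x55,0x8B,0xEC,0x6A,0xFF,0x68,0x00,0x10},
                           {0x55,0x8B,0xEC,0x6A,0xFF,0x68,0x00,0x10} },
};

/* Classify how an in-memory prologue differs from its on-disk bytes. */
enum patch_kind classify(const struct api_sample *s)
{
    if (memcmp(s->disk, s->mem, PROLOGUE_LEN) == 0)
        return CLEAN;
    /* Only byte 0 changed, to 0xCC: a software breakpoint (INT3). */
    if (s->mem[0] == 0xCC && memcmp(s->disk + 1, s->mem + 1, PROLOGUE_LEN - 1) == 0)
        return INT3_FIRST_BYTE;
    /* Entry now starts with E9 (JMP rel32): an inline detour. */
    if (s->mem[0] == 0xE9 && s->disk[0] != 0xE9)
        return JMP_DETOUR;
    return OTHER_PATCH;
}

/* Number of samples whose loaded code no longer matches the file. */
size_t count_modified(const struct api_sample *s, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += classify(&s[i]) != CLEAN;
    return hits;
}

int main(void)
{
    printf("%zu of 3 sample prologues modified\n", count_modified(SAMPLES, 3));
    return 0;
}
```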

