Hyde 1.01

Hyde is a plugin for OllyDbg v2.xx, it's purpose is to hide OllyDbg from detection by the debugee. This is done by patching memory and API's, and the options (or patch sets) can be saved to file, for easy reloading.

For example, with an ASProtect target you can set the patches that you need for ASProtect and save to a file "ASProtect.SET". This patch-set file can then be loaded whenever you need to debug ASProtect.

Features:

• All patched apis should work "normally" - They should only hide OllyDbg, but work for other windows/processes etc.
• All patches/hooks are selectable from the menu for quick access, or from options dialog.
• Optional Jmp variations (Push/Ret or Jmp[xxxxxxxx]) for patches.
• Load/Save patch sets. Patch Sets are simply INI files, so can also be edited in notepad.
• Remote allocated memory is seperated into code and data with appropriate access so should be no problems with DEP.

Patches:

• PEB.IsDebugged
• PEB.NtGlobalFlag
• PEB.HeapFlags

Hooks:

• NtQueryInformationProcess
• NtQuerySystemInformation
• NtSetInformationThread
• FindWindowA
• FindWindowW
• FindWindowExA
• FindWindowExW
• EnumWindows
• Process32NextW
• OutputDebugStringA
• OutputDebugStringW
• NtQueryObject
• GetTickCount
• NtOpenProcess
• BlockInput
• NtClose
• GetStartupInfo

Future:

• Support any suggested hooks.
• Possibly change exception options for OllyDbg in patch-sets?
• Maybe detection of packer targets?