About This File
Hyde is a plugin for OllyDbg v2.xx. Its purpose is to hide OllyDbg from detection by the debuggee. This is done by patching memory and APIs, and the options (or patch sets) can be saved to a file for easy reloading.
For example, with an ASProtect target you can set the patches that you need for ASProtect and save to a file "ASProtect.SET". This patch-set file can then be loaded whenever you need to debug ASProtect.
Features:
- All patched APIs should work "normally": they should only hide OllyDbg, and still work for other windows, processes, etc.
- All patches/hooks are selectable from the menu for quick access, or from options dialog.
- Optional Jmp variations (Push/Ret or Jmp[xxxxxxxx]) for patches.
- Load/Save patch sets. Patch sets are simply INI files, so they can also be edited in Notepad.
- Remotely allocated memory is separated into code and data with appropriate access, so there should be no problems with DEP.
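
The two jump forms named in the feature list have fixed 32-bit x86 encodings, so a hooked API prologue can be recognized from its first six bytes. The following is an added example, not code from Hyde: the function names, addresses and byte strings are constructed for illustration, and `read_dword` stands in for a real read of the debuggee's memory.

```python
import struct

# Constructed sample data (not taken from Hyde): one pointer slot in "remote" memory.
SAMPLE_MEMORY = {0x00350000: 0x00360010}

def read_dword(address):
    """Hypothetical memory reader; a real tool would read the debuggee's memory."""
    return SAMPLE_MEMORY.get(address)

def classify_redirect(prologue, reader=read_dword):
    """Return (kind, target) when the bytes begin with a redirect stub, else None."""
    if len(prologue) < 6:
        return None
    # push imm32 (68 xx xx xx xx) followed directly by ret (C3)
    if prologue[0] == 0x68 and prologue[5] == 0xC3:
        (target,) = struct.unpack_from("<I", prologue, 1)
        return ("push/ret", target)
    # jmp dword ptr [abs32] (FF 25 xx xx xx xx): the target lives in a data slot
    if prologue[:2] == b"\xFF\x25":
        (slot,) = struct.unpack_from("<I", prologue, 2)
        return ("jmp [mem]", reader(slot))  # None if the slot cannot be read
    return None

# Constructed prologues; operands are little-endian.
PUSH_RET = bytes.fromhex("68 10 00 36 00 C3")      # push 0x00360010 ; ret
JMP_MEM = bytes.fromhex("FF 25 00 00 35 00")       # jmp [0x00350000]
CLEAN = bytes.fromhex("8B FF 55 8B EC 83 EC 10")   # mov edi,edi ; push ebp ; mov ebp,esp ; sub esp,0x10

if __name__ == "__main__":
    for name, code in (("push/ret", PUSH_RET), ("jmp [mem]", JMP_MEM), ("clean", CLEAN)):
        print(name, classify_redirect(code))
```

Both stubs occupy six bytes; the push/ret form carries its destination inline, while the indirect form needs a second read of the pointer slot to resolve it.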
Patches:
- PEB.IsDebugged
- PEB.NtGlobalFlag
- PEB.HeapFlags
Hooks:
- NtQueryInformationProcess
- NtQuerySystemInformation
- NtSetInformationThread
- FindWindowA
- FindWindowW
- FindWindowExA
- FindWindowExW
- EnumWindows
- Process32NextW
- OutputDebugStringA
- OutputDebugStringW
- NtQueryObject
- GetTickCount
- NtOpenProcess
- BlockInput
- NtClose
- GetStartupInfo
Future:
- Support any suggested hooks.
- Possibly change exception options for OllyDbg in patch-sets?
- Maybe detection of packer targets?