ScyllaHideV1.3 官方最新版

Tags：OllyDbg

ScyllaHide是一个开源的x64/ x86的用户模式防反调试库。它的各种挂钩在用户模式功能隐藏调试。这将保持用户模式！对于内核模式挂钩使用TitanHide。

这个插件感觉蛮好用的
自定义配置文件
针对不同的壳做不同的设置  
插件已配置好
VMProtect x86/x64
ThemIDA x86
Obsidium x86
Armadillo x86
OllyDbg v1

OllyDbg v2

IDA

x64_dbg

Debugger Hiding:

- PEB - BeingDebugged, NtGlobalFlag, Heap Flags

- NtSetInformationThread - ThreadHideFromDebugger

- NtQuerySystemInformation - SystemKernelDebuggerInformation, SystemProcessInformation

- NtQueryInformationProcess - ProcessDebugFlags, ProcessDebugObjectHandle, ProcessDebugPort, ProcessBasicInformation

- NtQueryObject - ObjectTypesInformation, ObjectTypeInformation

- NtYieldExecution

- NtSetDebugFilterState

- NtUserBuildHwndList

- NtUserFindWindowEx

- NtUserQueryWindow

- NtClose

- GetTickCount

- BlockInput

- OutputDebugStringA

Protecting and Stealthing DRx (Hardware Breakpoints):

- NtGetContextThread

- NtSetContextThread

- KiUserExceptionDispatcher (only x86)

- NtContinue (only x86)

------------------------------------------------------

Usage standalone (debugger-independent):

InjectorCLI.exe <process name> <HookLibrary.dll path>

For example:

InjectorCLI.exe crackme.exe C:\HookLibrary.dll

------------------------------------------------------

Plugins:

- for TitanEngine: Copy HookLibrary.dll and ScyllaHide.dll to plugins\x86\ or plugins\x64\

(can be combined with TitanHide which does kernelmode hiding)

- for OllyDbg v1.10: Copy HookLibrary.dll and ScyllaHide.dll to your plugins directoy

- for OllyDbg v2.01: Copy HookLibrary.dll and ScyllaHide.dll to your plugins directoy