Thread: aadp4olly

  1. #1

    aadp4olly

    http://code.google.com/p/aadp

    aadp is a collection of plugins that aims to hide most of the well-known debuggers from most anti-debugging techniques.
    Latest Changes
    aadp4olly

    Version 0.1.1

    * Fixed a bug when the plugin's window is closed (reported by marciano).

    Version 0.1

    aadp4olly hides OllyDbg from the following tricks:

    * IsDebuggerPresent (via PEB patching, BeingDebugged flag)
    * NtGlobalFlags
    * HeapFlags
    * GetTickCount
    * ZwQueryInformationProcess
    * ZwSetInformationThread
    * OutputDebugStringA
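
The first two entries in the list above, sketched as an added example that is not part of the original post or the aadp source: the checks read two PEB fields, and hiding means clearing them. The buffer is constructed, the function names are hypothetical, and the offsets assume the 32-bit PEB layout.

```python
import struct

# 32-bit PEB offsets (assumed layout for this sketch; 64-bit offsets differ).
OFF_BEING_DEBUGGED = 0x02  # BYTE: the value IsDebuggerPresent returns
OFF_NT_GLOBAL_FLAG = 0x68  # DWORD: NtGlobalFlag
# FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS
DEBUG_HEAP_MASK = 0x10 | 0x20 | 0x40
UNRELATED_BIT = 0x400  # constructed: stands for any flag outside the mask


def make_debugged_peb():
    """Constructed sample: zeroed PEB-sized buffer with debugger artefacts set."""
    peb = bytearray(0x100)
    peb[OFF_BEING_DEBUGGED] = 1
    struct.pack_into("<I", peb, OFF_NT_GLOBAL_FLAG, DEBUG_HEAP_MASK | UNRELATED_BIT)
    return peb


def nt_global_flag(peb):
    """Read the little-endian NtGlobalFlag DWORD."""
    return struct.unpack_from("<I", peb, OFF_NT_GLOBAL_FLAG)[0]


def debugger_indicators(peb):
    """Return the PEB-based checks that would report a debugger."""
    found = []
    if peb[OFF_BEING_DEBUGGED]:
        found.append("BeingDebugged")
    if nt_global_flag(peb) & DEBUG_HEAP_MASK:
        found.append("NtGlobalFlag")
    return found


def hide_in_peb(peb):
    """Clear BeingDebugged and only the heap-debug bits, leaving other flags."""
    peb[OFF_BEING_DEBUGGED] = 0
    cleaned = nt_global_flag(peb) & ~DEBUG_HEAP_MASK
    struct.pack_into("<I", peb, OFF_NT_GLOBAL_FLAG, cleaned)
    return peb


if __name__ == "__main__":
    sample = make_debugged_peb()
    print("before:", debugger_indicators(sample))
    print("after: ", debugger_indicators(hide_in_peb(sample)))
```
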

  2. #2
    Great Plugin! I would like to see the author implement a hide feature for OutputDebugStringW. This would be a feature that, to my knowledge, no other hiding plugin has.

  3. #3
    Hi!,

    I've never seen a packer make use of OutputDebugStringW as an anti-debug trick, just OutputDebugStringA. However, I can add it if you want; if you can provide me a test case for it, that would be great.

    BR,
    NCR

    Quote: Originally posted by chessgod101
    Great Plugin! I would like to see the author implement a hide feature for OutputDebugStringW. This would be a feature that, to my knowledge, no other hiding plugin has.

  4. #4
    Check your PM. I did not want to post a link to a commercial software in the forum. Thank you!

  5. #5
    Got it!

    Thanks!

    Quote: Originally posted by chessgod101
    Check your PM. I did not want to post a link to a commercial software in the forum. Thank you!

  6. #6
    dELTA (Administrator)
    Looks good.

    CRCETL:
    http://www.woodmann.com/collaborative/tools/index.php/Aadp


    Btw, you might want to get some extra inspiration from some other tool hiding tools too:

    http://www.woodmann.com/collaborative/tools/index.php/Category:Tool_Hiding_Tools
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  7. #7
    Thanks dELTA!,

    I'm finishing v0.2; maybe next week I will release it. I'm just waiting for the OK from my friend marciano (my beta tester :P).

    BR,
    NCR

    Quote: Originally posted by dELTA
    Looks good.

    CRCETL:
    http://www.woodmann.com/collaborative/tools/index.php/Aadp


    Btw, you might want to get some extra inspiration from some other tool hiding tools too:

    http://www.woodmann.com/collaborative/tools/index.php/Category:Tool_Hiding_Tools

  8. #8
    dELTA (Administrator)
    Ok, sounds great. Please feel free to continuously update its CRCETL entry yourself, as new versions are released.

  9. #9
    Thanks again! dELTA!

    Quote: Originally posted by dELTA
    Ok, sounds great. Please feel free to continuously update its CRCETL entry yourself, as new versions are released.

  10. #10
    Hi!,

    I want to let you know that a new version of aadp4olly was released (v0.2).

    v0.2 (29/11/2010)
    --

    - added Anti-Antidebugging features for the following tricks:
    * BlockInput
    * SuspendThread
    * UnhandledExceptionFilter
    * Process32Next
    * Module32Next
    * ZwQuerySystemInformation
    * ZwQueryObject
    * TerminateProcess
    * ZwOpenProcess
    * FindWindow

    - now, the plugin should support XP (ALL), Windows Vista (ALL) and Windows 7 (ALL) OS.
    You can download it at: http://code.google.com/p/aadp/

    Some bugs still remain from v0.1.3 but will be fixed in v0.3; I'm currently working on it.

    BR,
    NCR
