Thread: OllyDbg2 plugin to hide Olly2 from debuggee

  1. #1

    OllyDbg2 plugin to hide Olly2 from debuggee

    Hi all,

    I was going to submit my OllyDbg2 plugin to the RCE tool library but couldn't find an OllyDbg2 category.
    I don't want to confuse things by putting OllyDbg v2 with OllyDbg v1.10.
    So could someone please add a new category, and my plugin to it, please. Thanks

    Anyway, my plugin hides OllyDbg2 from detection / anti-debug tricks. It's written from scratch since so many old detections are now irrelevant, e.g. ESI != -1, so I will add things if they are useful for Olly2.

    I hope it is useful to you

    Code:
    http://bob.droppages.com/Projects/OllyDbg2/Hyde
    Have fun!
    BoB
    Last edited by BoB; September 14th, 2011 at 04:11.

  2. #2
    Hi BoB

    Thanks for kicking this off. I added a new category for OllyDbg 2.x extensions

    http://www.woodmann.com/collaborative/tools/index.php/Category:OllyDbg_2.x_Extensions

    and added your plugin, please modify if desired

    http://www.woodmann.com/collaborative/tools/index.php/Hyde


    For all, please add any other 2.x plugins under this category. There is a permanent link to the 1.x and 2.x OllyDbg Extensions under "Some Useful Places" at the bottom of the forum page.

    Cheers,
    Kayaker

  3. #3
    Thank you Kayaker
    Last edited by BoB; September 22nd, 2011 at 18:50.

  4. #4
    This is going to be very promising, as I am trying to port over to the new Olly2 from Olly1.10 as well x)
    ty for putting your effort in, BoB

  5. #5
    1. APIs are redirected to RW memory, so an NX fault happens!
    Change the allocation type to RWE.

    2. With ALL-PATCHES-SET, a stack overflow happens (probably much stack used, or recursive calls?)
    CheckDebug.EXE
    Last edited by evaluator; November 27th, 2011 at 08:41.

  6. #6
    Hi evaluator,

    Sorry, for some reason I am not getting notifications.
    For patches, the code is in allocated RE memory and data is in allocated RW memory; I have had no problems reported before about NX faults on any system. What OS did you test with?

    Thanks,
    BoB
