
Thread: ICanAttach, a plugin to bypass anti-attaching tricks.

  1. #1

    ICanAttach, a plugin to bypass anti-attaching tricks.

    I have recently created an OllyDbg plugin, ICanAttach, to bypass the "DbgUiRemoteBreakin", "DbgBreakPoint", and "NtContinue" anti-attach tricks. It overwrites the entry points of these functions, which had supposedly been patched by malware.

    It has only been tested on XP SP3. I would be glad if someone tests it on other OSes and gives me some feedback.


    http://ollytlscatch.googlecode.com/files/ICanAttach2.dll

    Source code
    http://ollytlscatch.googlecode.com/files/ICanAttach.tar.gz

    For more info:
    http://waleedassar.blogspot.com/2011/12/debuggers-anti-attaching-techniques.html
    http://waleedassar.blogspot.com/2011/12/debuggers-anti-attaching-techniques_11.html
    http://waleedassar.blogspot.com/2011/12/debuggers-anti-attaching-techniques_13.html


    N.B. The plugin has been updated to cover cases where race conditions may occur.
    Last edited by walied; December 28th, 2011 at 18:29. Reason: Updating plugin
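
The entry-point restore described in the post, modelled as an added example (not the plugin's source): each watched entry point is compared with known-good bytes and rewritten only on mismatch, then read back. `rw_fn` is a hypothetical stand-in for `ReadProcessMemory`/`WriteProcessMemory`, and the offsets and byte values are constructed placeholders, not real ntdll bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ENTRY_LEN 5  /* bytes compared per entry point (assumption) */

/* Hypothetical stand-in for ReadProcessMemory/WriteProcessMemory on the
   debuggee: returns 1 on success, 0 on failure. */
typedef int (*rw_fn)(size_t off, uint8_t *buf, size_t len, int write);

struct watched {
    const char *name;          /* ntdll export named in the post */
    size_t off;                /* where its entry point sits in the target */
    uint8_t clean[ENTRY_LEN];  /* bytes taken from a trusted ntdll copy */
};

/* Compare each entry point with its clean bytes and rewrite it on mismatch.
   Every write is read back and verified. Returns a bitmask of the entries
   that were restored, or -1 on an I/O or verification failure. */
int restore_entry_points(const struct watched *w, size_t n, rw_fn rw) {
    int restored = 0;
    uint8_t cur[ENTRY_LEN];
    for (size_t i = 0; i < n; i++) {
        if (!rw(w[i].off, cur, ENTRY_LEN, 0)) return -1;
        if (memcmp(cur, w[i].clean, ENTRY_LEN) == 0) continue;  /* untouched */
        memcpy(cur, w[i].clean, ENTRY_LEN);
        if (!rw(w[i].off, cur, ENTRY_LEN, 1)) return -1;
        if (!rw(w[i].off, cur, ENTRY_LEN, 0) ||
            memcmp(cur, w[i].clean, ENTRY_LEN) != 0) return -1;
        restored |= 1 << i;
    }
    return restored;
}

/* Constructed sample: a 48-byte buffer plays the debuggee's memory. */
static uint8_t fake_mem[48];
static int fake_rw(size_t off, uint8_t *buf, size_t len, int write) {
    if (off + len > sizeof fake_mem) return 0;
    if (write) memcpy(fake_mem + off, buf, len);
    else       memcpy(buf, fake_mem + off, len);
    return 1;
}
static const struct watched TABLE[3] = {  /* placeholder offsets and bytes */
    {"DbgUiRemoteBreakin", 0,  {0x11, 0x12, 0x13, 0x14, 0x15}},
    {"DbgBreakPoint",      16, {0x21, 0x22, 0x23, 0x24, 0x25}},
    {"NtContinue",         32, {0x31, 0x32, 0x33, 0x34, 0x35}},
};
/* Load clean bytes, tamper with entries 0 and 2, then run the restore. */
int demo(void) {
    for (size_t i = 0; i < 3; i++)
        memcpy(fake_mem + TABLE[i].off, TABLE[i].clean, ENTRY_LEN);
    fake_mem[0] = fake_mem[33] = 0xFF;  /* simulated patches */
    return restore_entry_points(TABLE, 3, fake_rw);
}
```

The returned bitmask tells the analyst which of the three entry points had actually been modified in the target, which is itself a useful indicator when triaging a sample.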
