OllyDbg2 plugin to hide Olly2 from debuggee

Support forums for OllyDbg 32-bit Assembler-Level Debugger.
Developed by Oleh Yuschuk (http://www.ollydbg.de)
BoB
Posts: 51
Joined: Mon Mar 29, 2010 6:55 pm
Location: UK

Post by BoB »

Hi all,

I was going to submit my OllyDbg2 plugin to the RCE tool library but couldn't find an OllyDbg2 category ..
I don't want to confuse things by putting OllyDbg v2 with OllyDbg v1.10 :)
So could someone please add a new category, and my plugin to it please. Thanks :D

Anyway, my plugin hides OllyDbg2 from detection / anti-debug tricks. It's written from scratch since so many old detections are now irrelevant, e.g. ESI != -1, so I will add things if they are useful for Olly2 :)

I hope it is useful to you ;)

http://bob.droppages.com/Projects/OllyDbg2/Hyde
Have fun!
BoB
Kayaker
Posts: 4179
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

Hi BoB

Thanks for kicking this off. I added a new category for OllyDbg 2.x extensions

http://www.woodmann.com/collaborative/t ... Extensions

and added your plugin, please modify if desired

http://www.woodmann.com/collaborative/t ... x.php/Hyde


For all, please add any other 2.x plugins under this category. There is a permanent link to the 1.x and 2.x OllyDbg Extensions under "Some Useful Places" at the bottom of the forum page.

Cheers,
Kayaker
BoB
Posts: 51
Joined: Mon Mar 29, 2010 6:55 pm
Location: UK

Post by BoB »

Thank you Kayaker :D
/db/
Posts: 8
Joined: Sun Aug 30, 2009 12:26 pm
Location: East Coast USA

Post by /db/ »

This is going to be very promising, as I am trying to port over to the new olly2 from olly1.10 as well x)
ty for putting your effort in BoB :)
evaluator
Posts: 1539
Joined: Tue Sep 18, 2001 2:00 pm

Post by evaluator »

1. APIs are redirected to RW-memory, so NX-fault happens!
change allocation type to RWE.

2. with ALL-PATCHES-SET, stack overflow happens (probably many stack used, or recursive calls?)
CheckDebug.EXE
BoB
Posts: 51
Joined: Mon Mar 29, 2010 6:55 pm
Location: UK

Post by BoB »

Hi evaluator,

Sorry, for some reason I am not getting notifications.
For patches, the code is in allocated RE memory and data is in allocated RW memory; I have had no problems reported before about NX-fault on any system. What OS did you test with?

Thanks,
BoB
BoB
Posts: 51
Joined: Mon Mar 29, 2010 6:55 pm
Location: UK

New version is released

Post by BoB »

Hi all,

New v1.01 version of my plugin is released, please see http://bob.droppages.com/Projects/OllyDbg2/Hyde for download link and full information.

Have fun!
BoB
evaluator
Posts: 1539
Joined: Tue Sep 18, 2001 2:00 pm

Post by evaluator »

hi! v1.01 checked - OK!