
OllyDbg2 plugin to hide Olly2 from debuggee

Posted: Wed Sep 14, 2011 4:06 am
by BoB
Hi all,

I was going to submit my OllyDbg2 plugin to the RCE tool library but couldn't find an OllyDbg2 category ..
I don't want to confuse things by putting OllyDbg v2 with OllyDbg v1.10 :)
So could someone please add a new category, and my plugin to it please. Thanks :D

Anyway, my plugin hides OllyDbg2 from detection / anti-debug tricks. It's written from scratch since so many old detections are now irrelevant, e.g. ESI != -1, so I will add things if they are useful for Olly2 :)

I hope it is useful to you ;)

Have fun!

Posted: Tue Sep 20, 2011 11:09 pm
by Kayaker
Hi BoB

Thanks for kicking this off. I added a new category for OllyDbg 2.x extensions ... Extensions

and added your plugin, please modify if desired ... x.php/Hyde

For all, please add any other 2.x plugins under this category. There is a permanent link to the 1.x and 2.x OllyDbg Extensions under "Some Useful Places" at the bottom of the forum page.


Posted: Wed Sep 21, 2011 7:40 pm
by BoB
Thank you Kayaker :D

Posted: Wed Nov 23, 2011 7:47 pm
by /db/
This is going to be very promising, as I am trying to port over to the new olly2 from olly1.10 as well x)
ty for putting your effort in BoB :)

Posted: Sun Nov 27, 2011 8:34 am
by evaluator
APIs are redirected to RW-memory, so NX-fault happens!
change allocation type to RWE.

2. with ALL-PATCHES-SET, stack overflow happens (probably many stack used, or recursive calls?)

Posted: Mon Dec 12, 2011 1:27 pm
by BoB
Hi evaluator,

Sorry, for some reason I am not getting notifications.
For patches the code is in allocated RE memory, data is in allocated RW memory, I have had no problems reported before about NX-fault on any system. What OS did you test with?


New version is released

Posted: Mon Dec 12, 2011 1:47 pm
by BoB
Hi all,

New v1.01 version of my plugin is released, please see for download link and full information.

Have fun!

Posted: Mon Apr 30, 2012 10:30 am
by evaluator
hi! v1.01 checked - OK!