Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

ICanAttach, a plugin to bypass anti-attaching tricks.

Plugin related discussions.

For plugins, tools and tutorials see <a href="/collaborative/tools/index.php/Category:OllyDbg_Extensions">OllyStuph</a>
Posts: 46
Joined: Tue Aug 31, 2010 6:08 am
Location: Egypt

ICanAttach, a plugin to bypass anti-attaching tricks.

Post by walied »

I have recently created an ollydbg plugin, ICanAttach, to bypass the "DbgUiRemoteBreakin", "DbgBreakPoint", and "NtContinue" anti-attach tricks. It overwrites the Entry points of these functions, which had supposedly been patched by malware.

It has only been tested on XP SP3. Glad if someone tests it on other OSes and gives me some feedback.

http://ollytlscatch.googlecode.com/file ... ttach2.dll

Source code
http://ollytlscatch.googlecode.com/file ... ach.tar.gz

For more info:
http://waleedassar.blogspot.com/2011/12 ... iques.html
http://waleedassar.blogspot.com/2011/12 ... es_11.html
http://waleedassar.blogspot.com/2011/12 ... es_13.html

N.B. The plugin has been updated to cover cases where race conditions may occur.