Quote: Personal opinion first. About the plug-ins: StrongOD is a very good plug-in, almost perfect, but it cannot be loaded on 64-bit systems (its driver does not load there), so it only shows its strength on 32-bit systems. Sea Breeze (the author) has not had time to update it, which is really a tragedy. OllyDbg is a professional 32-bit assembler-level analyzing debugger from Germany, written for both Windows 32-bit and 64-bit, released and kept as freeware. Wow64Transition (the 32-bit to 64-bit mode jump, jmp 0033:xxxxxxxxx) has to be dealt with in a lot of places. I read the ScyllaHide source code: the interface is complex, and I find the author a little Lai. Many places are not handled finely enough, hardware breakpoint protection for the troublesome 64-bit case is not written, and the hook location is not deep enough, so a casual call to a 64-bit API by others is detected. TitanHide: on 64-bit systems it hooks the SSDT, so the user first has to get past PG again, and it does not handle many places either. The plug-ins above each have their own advantages and disadvantages, that is, no perfect one can be found. Now that 64-bit systems are more and more common, the lack of a smooth 64-bit plug-in has led to a lot of anti-debugging trouble, hence the SharpOD x64 plug-in. The main implementation of SharpOD x64 is to enter pure 64-bit code from the wow64 process and hook the ntdll64 API; this goes deeper than hooking wow64cpu!Wow64Transition. See the following for specific features and installation.
Quote: OllyDbg: copy SharpOD x64.dll to your OD plugin directory, and also copy the StrongOD plugin to the OD plugin directory (on 64-bit, StrongOD is mainly used to fix OD bugs and for its very useful shortcut keys). Then restart the debugger; the plugin appears in the plugin menu.

x64dbg: copy the corresponding version of the plugin to your x64dbg plugin directory (for example, for 64-bit, copy the SharpOD x64.dp64 file), then restart the debugger; the plugin appears in the plugin menu.

Function description -> Hide PEB (takes effect after the program is reloaded).

Quote: Hooking the Zw series of functions. There are many things to deal with; the following Nt functions are handled:

NtQuerySystemInformation: SystemKernelDebuggerInformation, SystemProcessInformation, SystemHandleInformation
NtClose: invalid handle
NtQueryInformationProcess: ProcessBasicInformation, ProcessDebugPort, ProcessDebugObjectHandle, ProcessDebugFlags
NtSetInformationThread: ThreadHideFromDebugger
NtDuplicateObject
NtQueryObject: ObjectTypesInformation -> DebugObject
NtYieldExecution: return STATUS_NO_YIELD_PERFORMED
-> Remove DebugPrivileges (takes effect after the program is reloaded).