首页
社区
课程
招聘
[ZT]AttachAnyway
发表于: 2005-10-16 03:26 2635

[ZT]AttachAnyway

2005-10-16 03:26
2635
AttachAnyway is a PoC OllyDbg plugin designed to show how to remove a process' hook on NtContinue by the anti-debugger-attach method devised by Piotr Bania here:

http://pb.specialised.info/all/anti-dattach.asm

This is not intended to be a universal plugin for all anti-attach methods, just one example of how you can do it. It works by enumerating all processes, searching their virtual memory space for a JMP hook on the NtContinue method, then replacing the jump with the original bytes from a non-hooked process, then calling the OllyDbg Attachtoactiveprocess API.

attach-test.exe is an assembled version of Piotr's anti-dattach.asm you can use to test the plugin with.
附件:attachanyway.zip

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 0
支持
分享
最新回复 (1)
雪    币: 277
活跃值: (37)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
2
good job.have a try.
2005-10-16 16:00
0
游客
登录 | 注册 方可回帖
返回
//