-Add 'olly2patches.h' to the VS project filters file
-DLL injection: change the default value of DLLUnload to 0
-DLL injection: replace 'DoThreadMagic' with NtCreateThreadEx-using version
-ApplyAntiAntiAttach: remove unneeded check of ntdll image base
  Ntdll is in \KnownDLLs, it always has the same image base in all processes.
  Note/TODO: this does not prevent a process from manually mapping ntdll at more than one address, but this was never detected in the first place
-ApplyAntiAntiAttach: make sure page is RWX before writing to it
-Add git version info
  The about box now displays the current git revision count as the patch number instead of 0. The full version number looks like 1.4.

ScyllaHide_2019-05-08_12-58.7z _https://github.com/x64dbg/ScyllaHide/releases/tag/snapshot
-Fix IDA x64 plugin
-Fix hooking syscalls with breakpoints (x64dbg process cookie query)
-Merge branch 'master' of https://github.com/x64dbg/ScyllaHide
-'Suspend process when applying and restoring hooks' (well, finally)
-Make HookXxx functions return bool; false if DetourCreateRemote fails
-Detect hooks before applying new ones and fail if one is found
-Write hook DLL data inside the process suspend/resume block
-CLI injector: use settings for PEB patch instead of patching everything
-Dead code removal
-Make it possible to create profiles that do not cause DLL injection
-Add "basic" profile that patches the PEB but does not hook

ScyllaHide_2019-05-18_10-19
-Improve NtUserBuildHwndList hook
  - Query NtUserGetClassName and NtUserInternalGetWindowText addresses using the new syscall lookup magic
  - Add IsWindowBad() helper function which determines for a given HWND not only whether it belongs to the debugger process by PID, but also whether it has a forbidden class name or window text
  - FilterHwndList: instead of only comparing against the protected PID, use IsWindowBad() both to determine which HWNDs to overwrite and which ones are good replacements. This allows you to have e.g. IDA and x64dbg open and both will be hidden, even if only x64dbg is actively debugging
-Fix NtUserBuildHwndList hook on Windows 8 and later
  - NtUserBuildHwndList gained a boolean parameter in Windows 8, which breaks the call because the original syscall is called with one less argument (which results in STATUS_INVALID_HANDLE). Work around this by exporting a separate HookedNtUserBuildHwndList_Eight function that uses the new prototype. Replace the HOOK_NATIVE() invocation in ApplyHooking.cpp with a manual version that determines the hook to use based on the OS version
-Only set the address of NativeCallContinue after all hooks are applied
  - Fixes an unlikely bug on x86 where the debuggee will crash due to NativeCallContinue being NULL if one or more kernel32 or user32 hooks are enabled but no ntdll hooks
-Fix clang error re: pasting invalid preprocessor tokens (hdd->##name)
  - Fix clang warning re: nonstandard implicit function pointer -> object pointer conversion
-Update README.md
_https://github.com/x64dbg/ScyllaHide/releases/download/snapshot/ScyllaHide_2019-05-18_10-19.7z

ScyllaHide_2019-05-22_01-19 _https://github.com/x64dbg/ScyllaHide/releases/download/snapshot/ScyllaHide_2019-05-22_01-19.7z
-NtUserQueryWindow hook improvements
  - Do not return the real PID or TID of any window with a bad owner process, window class name or title
  - Instead of returning a bogus handle, return the debuggee's own client ID
-Don't leave RWX pages around after hooking (change to RX)
-Fix memory leak in GetModuleBaseRemote