xADT eXtensible Anti-Debug Tester, version 1.0 out
Posted on: 2006-7-23 08:21 4161

Hi all,
it's a pleasure to announce this tool in its final first official distribution.

The tool is thought to be a unique extensible platform for integrating all the anti-debugging tricks you might see around, using a unique extensible interface you also might easily extend. The tool is useful to test the hiding features of the debugging tools and custom loaders as well as the hiding of any other reversing tool: see how well they're hidden or not. The second advantage is to finally have a unique testing program and to not have hundreds of spare tiny programs. The easiness of adding new external tests, writing new plugins is also one important feature IMHO, which finally frees the author of new anti-debugging tools to concentrate on the logic of the test without having to spend a single second on its user's interface.

Do you think your Olly is well hidden? Try this tool from Olly and all the possible hiding tools around; up to today there's always one test which detects Olly!

I already packaged this first distribution with a lot of internal tests and plugins. Sources of 3 real plugins are included as well: 2 written with Visual C++ and one with MASM (10x deroko)

See the internal readme.txt for a brief documentation on the tool, additional information on how to write your own plugins, and a short FAQ.

http://releases.accessroot.com

Latest replies (11)
2
Thx for share.

favorite a local copy:
Uploaded attachments:
2006-7-23 08:38
3
Thx for share
2006-7-23 20:46
4
Could someone roughly explain in Chinese what this means?
2006-7-23 22:40
5
Originally posted by yahooboby
Could someone roughly explain in Chinese what this means?


English Area :

You can post or reply to subjects on reverse engineering, cracking, unpacking, cryptology in English here (do not post in Chinese; such posts will be deleted)
2006-7-23 22:53
6
my test results:
Test: IsDebuggerPresent()
Message from test function: Nothing
Result: I am NOT Debugged, Test went fine!
------------------------
Test: CheckRemoteDebuggerPresent()
Message from test function: Nothing
Result: I am NOT Debugged, Test went fine!
------------------------
Test: PEB.BeingDebugged
Message from test function: Nothing
Result: I am NOT Debugged, Test went fine!
------------------------
Test: PEB.ProcessHeap
Message from test function: Nothing
Result: I am NOT Debugged, Test went fine!
------------------------
Test: GetProcessHeap()
Message from test function: Nothing
Result: I am NOT Debugged, Test went fine!
------------------------
Test: PEB.NtGlobalFlag
Message from test function: Nothing
Result: I am NOT Debugged, Test went fine!
------------------------
Test: PEB.NtGlobalFlag2
Message from test function: Nothing
Result: Unknown state, test failed!
------------------------
Test: Debug Registers
Message from test function: Nothing
Result: I am NOT Debugged, Test went fine!
------------------------
Test: Single Step
Message from test function: EFlags: EFlags=0x00000202
Result: I am NOT Debugged, Test went fine!
------------------------
Test: CreateFileDrivers()
Message from test function: No drivers Detected
Result: I am NOT Debugged, Test went fine!
------------------------
Test: ZwQueryInformationProcess()
Message from test function: Nothing
Result: Unknown state, test failed!
------------------------
Test: ZwQueryInformationThread()
Message from test function: Nothing
Result: Unknown state, test failed!
------------------------
Test: FindWindow OllyDbg
Message from test function: Nothing
Result: I am NOT Debugged, Test went fine!
------------------------
Test: Invalid_Handle Exception Test
Message from test function: steps:1, 2, 3, 4, 5, 6,
Result: Debugger detected
------------------------
Test: ParentProcess Test
Message from test function: Nothing
Result: Unknown state, test failed!
------------------------
Test: UnhandledExceptionFilter
Message from test function: Nothing
Result: I am NOT Debugged, Test went fine!
------------------------
Test: ZwQueryObject DebugObject Testing
Message from test function: I cannot access to the DebugObject, this makes me thinking something is going wrong
Result: It's possible that I'm debugged

SIDT test my pc is over

Test: Invalid_Handle Exception Test
My OD does not pass. How do I pass it?

2006-7-24 18:01
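
The result list pasted in the post above has a regular three-line shape per test (`Test:`, `Message from test function:`, `Result:`). As an added example, not part of the thread or of xADT itself, this Python sketch parses such a paste and groups tests by verdict so two runs with different debugger-hiding setups can be compared. The verdict labels and function names are assumptions, and the sample text is constructed from strings visible in that post.

```python
import re
# Result strings copied from the posted output; the verdict labels are assumed names.
VERDICTS = {
    "I am NOT Debugged, Test went fine!": "clean",
    "Debugger detected": "detected",
    "It's possible that I'm debugged": "suspect",
    "Unknown state, test failed!": "failed",
}
FIELD = re.compile(r"^(Test|Message from test function|Result):\s*(.*)$")

def parse_xadt_log(text):
    """Parse a pasted result list into one record per completed test."""
    records, current = [], None
    for raw in text.splitlines():
        m = FIELD.match(raw.strip())
        if not m:
            continue  # dashed separators, blank lines, free-text remarks
        key, value = m.groups()
        if key == "Test":
            current = {"test": value, "message": ""}  # dropped if no Result follows
        elif current is not None and key == "Message from test function":
            current["message"] = "" if value == "Nothing" else value
        elif current is not None and key == "Result":
            current.update(result=value, verdict=VERDICTS.get(value, "unrecognized"))
            records.append(current)
            current = None
    return records

def by_verdict(records):
    """Group test names by verdict to see which checks still flag the debugger."""
    groups = {}
    for r in records:
        groups.setdefault(r["verdict"], []).append(r["test"])
    return groups

# Constructed sample shaped like the posted output; the last "Test:" has no result.
SAMPLE = """Test: Single Step
Message from test function: EFlags: EFlags=0x00000202
Result: I am NOT Debugged, Test went fine!
------------------------
Test: Invalid_Handle Exception Test
Message from test function: steps:1, 2, 3, 4, 5, 6,
Result: Debugger detected
------------------------
Test: ParentProcess Test
Message from test function: Nothing
Result: Unknown state, test failed!
Test: Invalid_Handle Exception Test
my od not pass,how pass it"""
```

Calling `by_verdict(parse_xadt_log(SAMPLE))` gives one list of test names per verdict; a repeated `Test:` line quoted in a remark without a `Result:` line is ignored.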
7
It does not have any new ideas.
2006-7-24 20:37
8
Hi all,
version 1.1 is out.

version 1.1
        +splitter function, panels now can be resized dynamically
        +windows and splitter position is now saved
        +divided the messages panel into two positive and negative panels to separate results list
        +now the title bar reports a count of test results
        +added a PDK. Now plugin can start using it from the main program (like OllyDbg does)
        -fixed internal test ZwQueryInformationThread
        -small bugs fixed
2006-7-28 08:19
9
WoW, really excellent stuff
2006-7-29 11:12
10
Could you share the src of "Invalid_Handle Exception Test"?

Yeah, I find it in xADT v1.2
2006-8-25 15:57
11
ok, fine. I prevented your question..
2006-8-25 20:32
12
This is too advanced.
I'm feeling a bit dizzy.
2009-8-10 21:00