关于How hide ollydbg under win98-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (5)
great1234 雪币： 16 能力值： (RANK：10 ) 在线值：发帖 18 回帖 523 粉丝 1 关注私信	great1234 2 楼改名就行了？还有别的办法吗？ 2004-9-7 10:29 0
RoBa 雪币： 519 活跃值： (1223) 能力值： ( LV12，RANK：650 ) 在线值：发帖 75 回帖 857 粉丝 9 关注私信	RoBa 16 3 楼 I think that's depending on how the software detects OLLY:D 2004-9-7 11:07 0
xiluoyou 雪币： 241 活跃值： (160) 能力值： ( LV2，RANK：10 ) 在线值：发帖 26 回帖 238 粉丝 1 关注私信	xiluoyou 4 楼改名也好像不能躲过TELOCK的检测 2004-9-7 11:57 0
askformore 雪币： 383 活跃值： (786) 能力值： ( LV12，RANK：730 ) 在线值：发帖 73 回帖 349 粉丝 2 关注私信	askformore 18 5 楼你应该发问How to Hide the debuger flag of ollydbg under win98? 所以你的得到的回答是对应你的提问！:D 2004-9-7 14:44 0
linhanshi 雪币： 97697 活跃值： (200834) 能力值： (RANK：10 ) 在线值：发帖 9249 回帖 27947 粉丝 453 关注私信	linhanshi 6 楼 lordways发言：我经常用这个小工具在W98下隐藏OD This little tool has 2 buttons. 1.The first, "Hide", hooks th IsDebuggerPresent API and makes it unuseful against debuggers. The Armadillo software protection system is owned by this trick ! After having hidden your debuggers, you can restore the first verion of the API by re-clicking the button, which caption had changed to "Un-Hide". 2.The second button enables you to activate breakpoints on Windows APIs in OllyDbg under 9x systems, thing which was impossible. Caution, it makes your Kernel32 in memory WRITEABLE, so a simple line of code can kill your most basic Windows functions, until next reboot. After having set breakpoints with OllyDBG, if you are not sure your Kernel is clean, you can fix all the APIs's first byte by clicking "Fix". After that a messagebox appears, asking you if you want to COMPLETELY clean you Kernel. If you answer YES, you will be able to execute ALL applications, the no-imports ones too. If you answer NO, you will be able to re-fix your Kernel as you want, when you want, until you click YES. All these tricks work, even if you close this tool. It detects if you have the bps enabled or IsDebuggerPresent hooked, and inits itself, following the different cases. Hope it will be useful for you, 2004-9-8 08:10 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (5)
great1234 雪币： 16 能力值： (RANK：10 ) 在线值：发帖 18 回帖 523 粉丝 1 关注私信	great1234 2 楼改名就行了？还有别的办法吗？ 2004-9-7 10:29 0
RoBa 雪币： 519 活跃值： (1223) 能力值： ( LV12，RANK：650 ) 在线值：发帖 75 回帖 857 粉丝 9 关注私信	RoBa 16 3 楼 I think that's depending on how the software detects OLLY:D 2004-9-7 11:07 0
xiluoyou 雪币： 241 活跃值： (160) 能力值： ( LV2，RANK：10 ) 在线值：发帖 26 回帖 238 粉丝 1 关注私信	xiluoyou 4 楼改名也好像不能躲过TELOCK的检测 2004-9-7 11:57 0
askformore 雪币： 383 活跃值： (786) 能力值： ( LV12，RANK：730 ) 在线值：发帖 73 回帖 349 粉丝 2 关注私信	askformore 18 5 楼你应该发问How to Hide the debuger flag of ollydbg under win98? 所以你的得到的回答是对应你的提问！:D 2004-9-7 14:44 0
linhanshi 雪币： 97697 活跃值： (200834) 能力值： (RANK：10 ) 在线值：发帖 9249 回帖 27947 粉丝 453 关注私信	linhanshi 6 楼 lordways发言：我经常用这个小工具在W98下隐藏OD This little tool has 2 buttons. 1.The first, "Hide", hooks th IsDebuggerPresent API and makes it unuseful against debuggers. The Armadillo software protection system is owned by this trick ! After having hidden your debuggers, you can restore the first verion of the API by re-clicking the button, which caption had changed to "Un-Hide". 2.The second button enables you to activate breakpoints on Windows APIs in OllyDbg under 9x systems, thing which was impossible. Caution, it makes your Kernel32 in memory WRITEABLE, so a simple line of code can kill your most basic Windows functions, until next reboot. After having set breakpoints with OllyDBG, if you are not sure your Kernel is clean, you can fix all the APIs's first byte by clicking "Fix". After that a messagebox appears, asking you if you want to COMPLETELY clean you Kernel. If you answer YES, you will be able to execute ALL applications, the no-imports ones too. If you answer NO, you will be able to re-fix your Kernel as you want, when you want, until you click YES. All these tricks work, even if you close this tool. It detects if you have the bps enabled or IsDebuggerPresent hooked, and inits itself, following the different cases. Hope it will be useful for you, 2004-9-8 08:10 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复