--- [PhantOm plugin 1.25 ]------------------------------------------ --------
by Hellsp @ wn & Archer
/ / spring aggravation:
/ / IHA! PEOPLE WITH ALL DAY! SPRING WALKS! BEER begins! GULYAYTE DEVUSHKAMI X!
/ / ZHIVITE FULL LIFE!
| Privety fly to:
| Bronco, kioresk, RSI, lord_Phoenix, HoBleen, Grim Fandango,
| Guru.eXe, vad8787, PE_Kill.
-------------------------------------------------- ---------------------------
The plug to hide OllyDbg (with driver).
Helps detection of the following methods:
/ / driver - extremehide.sys
[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.
[+] GetProcessTimes.
[+] NtSetContextThread.
/ / plug - PhantOm.dll
[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] GetStartupInfo.
[+] Process Heaps.
[+] GetTickCount.
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.
[+] BlockInput
What's New - 1.25
You may now ask the very name services
HIDENAME and RDTSCNAME.
Some minor bugs.
Fixed bug with memory breakpoints.
What's New - 1.20
Added own processing exceptions (C0000005).
Added the title change of the main window.
Added own processing exceptions (OUTPUT_DEBUG_STRING_EVENT).
int 3 at EP correctly removed if the stop
at the point of the system failed.
Added BlockInput interception. (WinXP only)
Added own processing exceptions (C0000094).
Added hide from GetStartupInfo.
Fixed bug with the settings plug.
Added protection from detection drivers.
What's New - 1.15
Several bugs.
What's New - 1.10
hook GetProcessTimes - moved to the driver.
hook NtSetContextThread - moved to the driver.
The bug and removing the "EP break."
Several bugs related to downloading options.
In ini added "DELTARDTSC which will regulate the spread RDTSC.
What's New - 1.04
Fixed bsod while loading drivers.
What's New - 1.03
Fixed bug with windows.
What's New - 1.01
Fixed bug in the driver.
What's New - 1.00
Added protection OllyDbg windows.
Now OllyDbg patchitsya regardless of ImageBase.
What's New - 0.60
Added own processing exceptions (C000001E, 80000001, C000001D).
Added removal int3 with EntryPoint.
Fixed bug with GetTickCount.
Added methods in anti-detekta driver.
What's New - 0.58
Fixed bug with Hide from peb on some systems.
What's New - 0.57
Fixed bug with the attachment to the process.
Added protection from GetProcessTimes.
[-] Removed option Fake Windows version (at the time).
What's New - 0.55
Improved imulyatsiya GetTickCount.
Added emulation RDTSC.
Fixed bug with not zeroing ServicePack.
A bit optimized code.
What's New - 0.53
Now the driver is in resources.
NtSetInformationThread added protection.
Fixed bug with Fake Windows version.
What's New - 0.51
Fixed bug in the GetTickCount
Fixed bug with a patch PEB 'and
/ / Notes:
-- if you have changed the settings in the plug, but you open any file in OllyDbg,
necessarily have to restart it (Ctrl-F2) program.
-- plug-in displays debug messages Log (Alt + L), so the first run
advised to put all the options and examine the Log for errors.
-- tested only on Windows 2000 SP4, XP SP2.
-- with the plug, it is recommended to turn off programs that can prevent
loading drivers (Antivirus, PC).
-- incorrect in the work are encouraged to try to plug the "native" OllyDbg,
without extraneous plugins.
/ / Contact author:
www: hellspawn.nm.ru
mail: for.hellspawn @ gmail.com
-------------------------------------------------- ----------[ 01.04.2008] ---
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
