[Repost] PhantOm plugin 1.84 Final
2013-4-5 17:50

PhantOm plugin 1.84 Final
by Hellsp@wn & Archer & Olenevod
---[ PhantOm plugin 1.84 Final ]---------------------------------------------
| by Hellsp@wn & Archer & Olenevod.
|
| Greetings to:
| Bronco, kioresk, RSI, lord_Phoenix, HoBleen, Grim Fandango,
| Guru.eXe, vad8787, PE_Kill, Executioner, ProTeuS.
-----------------------------------------------------------------------------

Plugin for hiding OllyDbg (together with a driver).
Helps against the following detection methods:

// driver - extremehide.sys

[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.
[+] GetProcessTimes.
[+] NtSetContextThread.
[+] NtSetDebugFilterState

// plugin - PhantOm.dll

[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] GetStartupInfo.
[+] Process Heaps.
[+] GetTickCount.
[+] OutputDebugString
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.
[+] BlockInput.
[+] INT 2d.
[+] Single-step bug.
[+] OutputDebugString.
[+] TraceFlag hide.

What's new - 1.84
  • Fixed handling of drx breakpoints (Safengine).
  • Added extended hooks for Zw functions (Safengine); they are activated automatically when "hook some of Zw* functions" is selected.
  • All exceptions are now handled by the plugin when the "custom handler exceptions" option is enabled.
  • Fixed message output to the log.
  • Fixed handling of break-on-access in "custom handler exceptions".


    Latest replies (7)
    chixiaojie 2013-4-5 18:48 #2
    Why is it all garbled?
    option 2013-4-5 20:25 #5
    Is it because of the Russian encoding?
    ---[ PhantOm plugin 1.84 Final ]---------------------------------------------
    |     by Hellsp@wn & Archer & Olenevod.
    |
    | Greetings to:
    |  Bronco, kioresk, RSI, lord_Phoenix, HoBleen, Grim Fandango,
    |  Guru.eXe, vad8787, PE_Kill, Executioner, ProTeuS.
    -----------------------------------------------------------------------------

    Plugin for hiding OllyDbg (together with a driver).
    Helps against the following detection methods:

    // driver - extremehide.sys

    [+] NtQueryInformationProcess.
    [+] SetUnhandledExceptionFilter.
    [+] OpenProcess.
    [+] Invalid Handle.
    [+] NtSetInformationThread.
    [+] RDTSC.
    [+] NtYieldExecution.
    [+] NtQueryObject.
    [+] NtQuerySystemInformation.
    [+] Windows hide.
    [+] GetProcessTimes.
    [+] NtSetContextThread.
    [+] NtSetDebugFilterState

    // plugin - PhantOm.dll

    [+] PEB BeingDebugged.
    [+] PEB NtGlobalFlag.
    [+] GetStartupInfo.
    [+] Process Heaps.
    [+] GetTickCount.
    [+] OutputDebugString
    [!] Protect DRx.
    [!] Hide DRx.
    [!] Fake Windows version.
    [!] Custom Handler.
    [+] BlockInput.
    [+] INT 2d.
    [+] Single-step bug.
    [+] OutputDebugString.
    [+] TraceFlag hide.

    What's new - 1.84
  • Fixed handling of drx breakpoints (Safengine).
  • Added extended hooks for Zw functions (Safengine); they are activated automatically when "hook some of Zw* functions" is selected.
  • All exceptions are now handled by the plugin when the "custom handler exceptions" option is enabled.
  • Fixed message output to the log.
  • Fixed handling of break-on-access in "custom handler exceptions".
    linhanshi 2013-4-5 20:57 #6
    linhanshi 2013-4-5 21:03 #7
    It's caused by the editor; the text in the readme is in Russian too. I really don't know what the poster above is thinking.
    linhanshi 2013-4-5 21:19 #8
    From: EXETOOLS
    PhantOm plugin 1.84 Final
    Changelog (by Google):
    * Fixed handling drx breakpoints (Safengine).
    * Added extended interceptions Zw functions (Safengine)
    activated automatically when the "hook some of Zw * functions.
    * Now, all exceptions are handled by the plugin
    including the option "custom handler exceptions".
    * Fixed the message output to the log.
    * Fixed handling break-on-access to the "custom handler exceptions".

    tykktykk 2013-4-6 18:55 #9
    Good job, thank you very much!
    foreverxxyy 2020-9-2 16:02 #10
    thanks.