OllyDbg/PhantOm

From aldeid

Jump to navigation Jump to search

You are here:

PhantOm

Description

Plug-in for concealment of OllyDbg (plugin with the driver). Helps being detected using the following methods of detection:

driver - extremehide.sys: [+] NtQueryInformationProcess; [+] SetUnhandledExceptionFilter; [+] OpenProcess; [+] Invalid Handle; [+] NtSetInformationThread; [+] RDTSC; [+] NtYieldExecution; [+] NtQueryObject; [+] NtQuerySystemInformation; [+] Windows hide; [+] GetProcessTimes; [+] NtSetContextThread; [+] NtSetDebugFilterState

plugin - PhantOm.dll: [+] PEB BeingDebugged; [+] PEB NtGlobalFlag; [+] GetStartupInfo; [+] Process Heaps; [+] GetTickCount; [+] OutputDebugString; [!] Protect DRx; [!] Hide DRx; [!] Fake Windows version; [!] Custom Handler; [+] BlockInput; [+] INT 2d; [+] Single-step bug; [+] OutputDebugString; [+] TraceFlag hide

Installation

Download link: https://tuts4you.com/request.php?1276 (password for archive: tuts4you)

Retrieved from "https://www.aldeid.com/w/index.php?title=OllyDbg/PhantOm&oldid=32430"

Share your opinion