티스토리 뷰

보안/분석

PhantOm Plugin 1.20

NineKY 2008. 4. 4. 18:20
PhantOm Plugin 1.20
Author Hellsp@wn & Archer
Description Plug-in for concealment OllyDbg (plugin with the driver). Helps from following methods of detection:

// driver - extremehide.sys

[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.
[+] GetProcessTimes.
[+] NtSetContextThread.

// plugin - PhantOm.dll

[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] GetStartupInfo.
[+] Process Heaps.
[+] GetTickCount.
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.
[+] BlockInput

Whats new: - 1.20

[*] Added own handling of exception (C0000005).
[*] Added option for the title change of the main window.
[*] Added own handling of exception (OUTPUT_DEBUG_STRING_EVENT).
[*] int 3 at EP correctly removed.
[*] Added interception of BlockInput. (WinXP only)
[*] Added own handling of exception (C0000094).
[*] Added hiding of GetStartupInfo.
[*] Fixed bug with changing the options of the plugin.
[*] Added more defense of the driver from detection.
Image no image available
Filesize 759.65 kb
Date Sunday 18 November 2007 - 15:07:00
Downloads 2668
Download
공지사항
최근에 올라온 글
최근에 달린 댓글
Total
Today
Yesterday
«   2024/12   »
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
글 보관함