티스토리 뷰

보안/분석

PhantOm Plugin 1.20

NineKY 2008. 4. 4. 18:20
PhantOm Plugin 1.20
Author Hellsp@wn & Archer
Description Plug-in for concealment OllyDbg (plugin with the driver). Helps from following methods of detection:

// driver - extremehide.sys

[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.
[+] GetProcessTimes.
[+] NtSetContextThread.

// plugin - PhantOm.dll

[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] GetStartupInfo.
[+] Process Heaps.
[+] GetTickCount.
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.
[+] BlockInput

Whats new: - 1.20

[*] Added own handling of exception (C0000005).
[*] Added option for the title change of the main window.
[*] Added own handling of exception (OUTPUT_DEBUG_STRING_EVENT).
[*] int 3 at EP correctly removed.
[*] Added interception of BlockInput. (WinXP only)
[*] Added own handling of exception (C0000094).
[*] Added hiding of GetStartupInfo.
[*] Fixed bug with changing the options of the plugin.
[*] Added more defense of the driver from detection.
Image no image available
Filesize 759.65 kb
Date Sunday 18 November 2007 - 15:07:00
Downloads 2668
Download

'보안 > 분석' 카테고리의 다른 글

Using Files In A Driver [펌 MSDN]  (0) 2008.04.08
HOOK the ZwDeleteFile is Not Work -> How to?? [펌 www.rohitab.com]  (1) 2008.04.08
Windows syscall lister  (0) 2008.04.04
How to send IOCTLs to a filter driver  (0) 2008.04.02
Driver Loader - by OSR  (0) 2008.04.02
공지사항
최근에 올라온 글
최근에 달린 댓글
Total
Today
Yesterday
링크
TAG more
«   2024/05   »
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
글 보관함