aadp4olly
NCR
November 16th, 2010, 14:14
http://code.google.com/p/aadp
Quote:
 
aadp is a collection of plugins that aims to hide most of the well-known debuggers from most anti-debugging techniques.
Latest Changes
aadp4olly
 
Version 0.1.1 
 
    * Fixed a bug when the plugin's window is closed (reported by marciano).  
 
Version 0.1 
 
aadp4olly hides OllyDbg from the following tricks:
 
    * IsDebuggerPresent (via PEB patching, BeingDebugged flag) 
    * NtGlobalFlags 
    * HeapFlags 
    * GetTickCount 
    * ZwQueryInformationProcess 
    * ZwSetInformationThread 
    * OutputDebugStringA  
 
chessgod101
November 17th, 2010, 16:22
Great Plugin! I would like to see the author implement a hide feature for OutputDebugStringW. This would be a feature that, to my knowledge, no other hiding plugin has.
NCR
November 18th, 2010, 09:36
Hi!
I've never seen a packer making use of OutputDebugStringW as an antidbg trick, just OutputDebugStringA. However, I can add it if you want; if you can provide me a testcase for it, it would be great.
BR, 
NCR
chessgod101
November 18th, 2010, 11:25
Check your PM. I did not want to post a link to commercial software in the forum. Thank you!
NCR
November 18th, 2010, 11:30
Got it!
Thanks!
dELTA
November 27th, 2010, 14:56
Looks good. 
CRCETL:
http://www.woodmann.com/collaborative/tools/Aadp
Btw, you might want to get some extra inspiration from some other tool hiding tools too:
http://www.woodmann.com/collaborative/tools/Category:Tool_Hiding_Tools
NCR
November 27th, 2010, 18:25
Thanks dELTA!
I'm finishing v0.2; maybe next week I will release it. I'm just waiting for the OK from my friend marciano (my beta tester :P).
BR, 
NCR
dELTA
November 27th, 2010, 20:41
Ok, sounds great. Please feel free to continuously update its CRCETL entry yourself, as new versions are released.
NCR
November 28th, 2010, 03:55
Thanks again, dELTA!
NCR
November 29th, 2010, 19:32
Hi!
I want to let you know that a new version of aadp4olly was released (v0.2).
Quote:
 
v0.2 (29/11/2010) 
-- 
 
- added Anti-Antidebugging features for the following tricks: 
 * BlockInput 
 * SuspendThread 
 * UnhandledExceptionFilter 
 * Process32Next 
 * Module32Next 
 * ZwQuerySystemInformation 
 * ZwQueryObject 
 * TerminateProcess 
 * ZwOpenProcess
 * FindWindow 
 
- now, the plugin should support XP (ALL), Windows Vista (ALL) and Windows 7 (ALL) OS. 
 
You can download it at: http://code.google.com/p/aadp/
Some bugs still remain from v0.1.3 but will be fixed in v0.3; I'm currently working on it.
BR, 
NCR