This plugin allows to hide debugger from IsDebuggerPresent API
function.

Cool, nice work!

Thanks!

Hi Aster!x,
Always happy to see new tot. Not much documentation, out of curiosity, how does this compare/improve on the already available Isdebuggerpresent plugin?
regards

Hi Aster!x,

Kudos on the plugin. If you don't mind a couple of comments, the nicest thing you could do is teach people how to create their own Olly plugins by including the source. I fully encourage all forms of source on this board as it's the best kind of information to pass along.

I mention this specifically because, not to take away any credit at all from what you have done, but because SV also created an IsDebuggerPresent plugin and included full ASM source. I haven't actually tested either plugin, but comparing the two dlls it seems you have done it slightly different, using ContinueEventDebugHook and WaitForDebugEventHook and a different combination of _ODBG exports. It might be instructive if you included your source and people who are interested could compare the different approaches.

This is just a suggestion, and an encouragement for further plugins and open source, from which we all benefit.

Heh, I see Js (long time no Asp-talk ;-) had the same idea.

Cheers,
Kayaker

Hi Js!
My english not so good for give more full description , but you may try and choose for itself best.

Hi Kayaker!

I'll think.
Possible little later full sorces will be available on _http://www.wasm.ru/
and accordingly will here appear link.

Code was corrected.
The size of the file became else less.

if you need help on the translation part, let us know..

there's a lot of valuable content on wasm.ru that just doesn't get to be known by the rest of the world.

The other day I was searching for undocumented windows features and out of 6 google searches, wasm.ru stuff was there 5 times..

New version of plugin

Thanks for the update.

Regards,

Hide Debugger 1.2.2 has been released

more options added

good work & thanks

added protection against OutputDebugString exploit

attachment deleted because plugin may crash Olly if debug string has READONLY access, will soon be a new version.

Good work!

Thanks!

Its corrected version

_http://www.wasm.ru/forum/?action=vthread&forum=5&topic=5091&page=-1#6

Thanx Aster!x ...

Seems you defeated the newer Debugger-detection-tricks used by the latest ASPr & Arma : devil :

No more lock-ups and
"Hide Debugger <Failed to apply protection against TerminateProcess>"

for me ;-) ... respect !

One question:
The 2 radio buttons below 'TerminateProcess' are greyed-out ?
Would you be so kind as to explain ?

same here

SKiLLa



This option not works in XP sp2.



Maybe in the future I'll add code for method1 & method2 or
delete these radio buttons from dialog template

Small updating
Corrections+
Improvements+
New feature

Somebody continues to use it?

its the only plugin I do use, cheers.

some tools for testing plug-in

i continue using is a great plugin

Ricardo Narvaja

Great share Aster!x.

It's a great plugin I mostly only use HideDebugger & AdvancedOlly, eventhough the elapse a little

10x a lot Aster!x
I still use it.

Kindest regards.

thx ~
would you like to integrate some useful functions,such as allocating memory ?

(sorry for my pool english)

now source code

Thanks for sharing the source of this classic plugin Aster!x.

I updated the CRCETL entry for it:

http://www.woodmann.com/collaborative/tools/Hide_Debugger

thanks for sharing
Regards

thanks to share.

thanks to share. This plugin

Thanx~~~