
易博通官方注册 (About How to Use 易博通官方注册)

Published: 2022-11-23 16:30:33 | Author: admin | Source: European Cup


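易博通官方注册 is an open-source x64/x86 user-mode anti-anti-debug library. It hooks various functions in user mode to hide debugging. It will stay in user mode! For kernel-mode hooks, use TitanHide.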

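This plugin feels quite handy: it has custom configuration profiles, with different settings for different packers. The plugin comes preconfigured for VMProtect x86/x64, Themida x86, Obsidium x86 and Armadillo x86.

OllyDbg v1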

OllyDbg v2

IDA

x64_dbg

- PEB - BeingDebugged, NtGlobalFlag, Heap Flags

- NtSetInformationThread - ThreadHideFromDebugger

- NtQuerySystemInformation - SystemKernelDebuggerInformation, SystemProcessInformation

- NtQueryInformationProcess - ProcessDebugFlags, ProcessDebugObjectHandle, ProcessDebugPort, ProcessBasicInformation

- NtQueryObject - ObjectTypesInformation, ObjectTypeInformation

- NtYieldExecution

- NtSetDebugFilterState

- NtUserBuildHwndList

- NtUserFindWindowEx

- NtUserQueryWindow

- NtClose

- GetTickCount

- BlockInput

- OutputDebugStringA

Protecting and Stealthing DRx (Hardware Breakpoints):

- NtGetContextThread

- NtSetContextThread

- KiUserExceptionDispatcher (only x86)

- NtContinue (only x86)

------------------------------------------------------

Usage standalone (debugger-independent):

InjectorCLI.exe

For example:

InjectorCLI.exe crackme.exe C:\HookLibrary.dll

------------------------------------------------------

Plugins:

- for TitanEngine: Copy HookLibrary.dll and 易博通官方注册 .dll to plugins\x86\ or plugins\x64\

(can be combined with TitanHide which does kernelmode hiding)

- for OllyDbg v1.10: Copy HookLibrary.dll and 易博通官方注册 .dll to your plugins directory

- for OllyDbg v2.01: Copy HookLibrary.dll and 易博通官方注册 .dll to your plugins directory
