ScyllaHide: advanced open-source x64/x86 usermode Anti-Anti-Debug library
iSpeech
ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3).
ScyllaHide supports various debuggers with plugins:
- OllyDbg v1 and v2 http://www.ollydbg.de
- x64dbg http://x64dbg.com or https://github.com/x64dbg/x64dbg
- Hex-Rays IDA v6+ https://www.hex-rays.com/products/ida
- TitanEngine v2 https://bitbucket.org/titanengineupdate/titanengine-update and http://www.reversinglabs.com/open-source/titanengine.html
PE x64 debugging is fully supported with plugins for x64dbg and IDA.
Please note: ScyllaHide is not limited to these debuggers. You can use the standalone commandline version of ScyllaHide. You can inject ScyllaHide in any process debugged by any debugger.
[adsense size='1' ]
Features
- Anti-Anti-Debug
- Process Environment Block (PEB)
- NtSetInformationThread
- NtSetInformationProcess
- NtQuerySystemInformation
- NtQueryInformationProcess
- NtQueryObject
- NtYieldExecution
- NtCreateThreadEx
- OutputDebugStringA (deprecated since v1.3)
- BlockInput
- NtUserFindWindowEx
- NtUserBuildHwndList
- NtUserQueryWindow
- NtSetDebugFilterState
- NtClose
- Remove Debug Privileges
- Hardware Breakpoint Protection (DRx)
- Timing
- Raise Exception
- Special
- DLL Injection
- Prevent Thread Creation
- RunPE Unpacker
- Improved Attach Dialog
- OllyDbg v1 Specific
- Remove entry point breakpoint
- Fix Olly Bugs
- x64 single-step fix
- Skip Entrypoint outside code
- Ignore bad PE image
- Skip compressed code warning
- Skip ”load dll” warning
- Break on TLS
- Advanced CTRL+G
- Change window caption
- Special Keyboard Shortcuts
- Custom Toolbar
- Exception Problem
- OllyDbg v2 Specific
- Change window caption
- IDA Specific
- Server Option
- x64dbg Specific
- TitanEngine Specific
Copyright (C) 2014 Mattiwatti
Gloss