ScyllaHide_2019-03-06_19-23
- 将 'olly2patches.h' 添加到 VS 项目过滤器文件-DLL 注入:将 DLLUnload 的默认值更改为 0
-DLL 注入:用 NtCreateThreadEx 使用版本替换“DoThreadMagic”
-ApplyAntiAntiAttach:删除不需要的 ntdll 映像库检查 Ntdll 位于 \KnownDLLs 中,它在所有进程中始终具有相同的映像库。 注意/待办事项:这不会阻止进程在多个地址上手动映射 ntdll,但一开始从未检测到
-ApplyAntiAntiAttach:在写入之前确保页面是 RWX
(-Add 'olly2patches.h' to the VS project filters file
-DLL injection: change the default value of DLLUnload to 0
-DLL injection: replace 'DoThreadMagic' with NtCreateThreadEx-using version
-ApplyAntiAntiAttach: remove unneeded check of ntdll image base Ntdll is in \KnownDLLs, it always has the same image base in all processes. Note/TODO: this does not prevent a process from manually mapping ntdll at more than one address, but this was never detected in the first place
-ApplyAntiAntiAttach: make sure page is RWX before writing to it)
页:
[1]