AttachAnyway是一个PoC OllyDbg插件，用于演示如何通过Piotr Bania设计的反调试器attach方法删除NtContinue上的进程挂钩，如下所示：
这并不是一个针对所有反连接方法的通用插件，只是一个示例。它的工作原理是枚举所有进程，在NtContinue方法上搜索虚拟内存空间中的JMP钩子，然后用非钩子进程中的原始字节替换跳转，然后调用OllyDbg attachtoactiveprocessapi。

(AttachAnyway is a PoC OllyDbg plugin designed to show how to remove a process' hook on NtContinue by the anti-debugger-attach method devised by Piotr Bania here:
This is not intended to be a universal plugin for all anti-attach methods, just one example of how you can do it. It works by enumerating all processes, searching their virtual memory space for a JMP hook on the NtContinue method, then replacing the jump with the original bytes from a non-hooked process, then calling the OllyDbg Attachtoactiveprocess API.)

1617273620119.rar

2021-4-1 18:40 上传

文件大小: 36 KB
下载次数: 0

AttachAnyway是一个PoC OllyDbg插件，用于演示如何通过Piotr Bania设计的反调试器attach方法删除NtContinue上的进程挂钩，如下所示：
这并不是一个针对所有反连接方法的通用插件，只是一个示例。它的工作原理是枚举所有进程，在NtContinue方法上搜索虚拟内存空间中的JMP钩子，然后用非钩子进程中的原始字节替换跳转，然后调用OllyDbg attachtoactiveprocessapi。

(AttachAnyway is a PoC OllyDbg plugin designed to show how to remove a process' hook on NtContinue by the anti-debugger-attach method devised by Piotr Bania here:
This is not intended to be a universal plugin for all anti-attach methods, just one example of how you can do it. It works by enumerating all processes, searching their virtual memory space for a JMP hook on the NtContinue method, then replacing the jump with the original bytes from a non-hooked process, then calling the OllyDbg Attachtoactiveprocess API.)

1617273620119.rar

2021-4-1 18:40 上传

文件大小: 36 KB
下载次数: 0