IDA Stealth Plugin v1.2 - 12/15/2009

Hmily

IDA Stealth Plugin
IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debuggee as soon as the debugger attaches to the process. The injected dll actually implements most of the stealth techniques either by hooking system calls or by patching some flags in the remote process.



You can grab the plugin only or go for the complete package including the sources and all dependencies.
Consult the readme file on how to install, use and configure the plugin.
The plugin source code should build out of the box, see readme for details.
If you find bugs or want to suggest new features just drop me a mail or create a new forum topic.
Changelog12/15/2009 - v1.2

• Bugfix: RDTSC driver handling; driver service was not deleted in some rare cases
• Bugfix: RDTSC driver mode was broken due to recent BSOD fix
• Improved: IDAStealth can hide from Themida with ultra anti debugging settings
• Added: New stealth driver

huzhao23

不知道怎么用，能说明下不？

2051314

这个不是一般人会用的

Hmily

2# huzhao23



附件压缩包里有说明.

gtboy

看了下英文说明，是个防止IDA的调试被程序anti的插件
需要两个文件，一个是插件本身，另一个是注入到IDA 调试器的dll文件
能够抵抗大部分的anti-debug
技术原理：注入的dll文件采用一些技术hook系统调用或者修改被调试程序的寄存器

翻译的不是很准，呵呵
感谢Hmily牛