jraber's Blog
Created: Thursday, August 18 2011 10:01.06 CDT
Stealthy Profiling and Debugging of Malware
Author:
jraber
Here is a Windows driver I developed that I presented at Black Hat this year. Enjoy.
Hades is a tool for dynamic analysis of applications on Microsoft Windows. It provides function-hooking capabilities similar to those of Microsoft Detours and WinAPIOverride (WAO), and it can also act as a debugger. It was written to allow analysis of malware samples that detect Detours and WAO hooks and change their behaviour when one is present.
https://github.com/jnraber/Hades
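The post's stated motivation is malware that notices when Detours or WinAPIOverride has hooked an API. As an added example (not from the post and not from the Hades source), here is the kind of check such samples perform: a classifier for the byte patterns a user-mode inline hook leaves at a function's entry point, a decoder for where an E9 hook jumps to, and an independent compare against a clean copy of the prologue. The byte strings, the 0x7C801D7B address and the hypothetical API name are constructed for the example; nothing here describes how Hades itself hooks or evades this check.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Prologue patterns left behind by user-mode inline hooking libraries.
 * Detours overwrites the first bytes of the target with a relative JMP
 * (E9 rel32) to its detour function; hot-patch style hooks replace the
 * 2-byte "mov edi, edi" with a short JMP (EB F9) back into the 5-byte pad
 * before the function, where a long JMP has been written. A process that
 * reads its own code sees these without any privileged API. */
typedef enum {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,       /* E9 rel32                              */
    HOOK_JMP_INDIRECT,    /* FF 25 disp32 : jmp dword ptr [abs32]  */
    HOOK_PUSH_RET,        /* 68 imm32 C3  : push addr; ret         */
    HOOK_HOTPATCH_SHORT   /* EB F9        : short jmp -7 into pad  */
} hook_kind_t;

hook_kind_t classify_prologue(const uint8_t *p, size_t len)
{
    if (len >= 5 && p[0] == 0xE9)                 return HOOK_JMP_REL32;
    if (len >= 6 && p[0] == 0xFF && p[1] == 0x25) return HOOK_JMP_INDIRECT;
    if (len >= 6 && p[0] == 0x68 && p[5] == 0xC3) return HOOK_PUSH_RET;
    if (len >= 2 && p[0] == 0xEB && p[1] == 0xF9) return HOOK_HOTPATCH_SHORT;
    return HOOK_NONE;
}

/* For an E9 hook, recover where the JMP lands: the displacement is a
 * little-endian signed 32-bit value relative to the end of the 5-byte
 * instruction. In a 32-bit process the result is the detour's address. */
uint32_t jmp_rel32_target(uint32_t func_addr, const uint8_t *p)
{
    int32_t rel = (int32_t)((uint32_t)p[1] | ((uint32_t)p[2] << 8) |
                            ((uint32_t)p[3] << 16) | ((uint32_t)p[4] << 24));
    return func_addr + 5u + (uint32_t)rel;
}

/* Second, pattern-independent check: compare the live prologue against a
 * clean copy. In a real sample the clean bytes come from the DLL mapped
 * fresh from disk, which catches hooks the byte patterns above miss. */
int prologue_differs(const uint8_t *live, const uint8_t *clean, size_t n)
{
    return memcmp(live, clean, n) != 0;
}

/* Constructed samples (not captured from any real process). The clean
 * bytes are the standard hot-patchable Win32 prologue "mov edi,edi;
 * push ebp; mov ebp,esp; sub esp,10h"; 0x7C801D7B is a placeholder for
 * an exported API's entry point. */
static const uint8_t CLEAN_PROLOGUE[]      = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10};
static const uint8_t DETOURED_PROLOGUE[]   = {0xE9, 0xF6, 0x0F, 0x00, 0x00, 0x83, 0xEC, 0x10};
static const uint8_t HOTPATCHED_PROLOGUE[] = {0xEB, 0xF9, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10};

int main(void)
{
    const uint32_t api = 0x7C801D7Bu;   /* hypothetical address of "SomeApiW" */
    const char *names[] = {"none", "jmp rel32", "jmp [abs32]", "push/ret",
                           "hot-patch short jmp"};

    printf("clean    : %s\n", names[classify_prologue(CLEAN_PROLOGUE, sizeof CLEAN_PROLOGUE)]);
    hook_kind_t k = classify_prologue(DETOURED_PROLOGUE, sizeof DETOURED_PROLOGUE);
    printf("detoured : %s", names[k]);
    if (k == HOOK_JMP_REL32)
        printf(" -> detour at 0x%08X", jmp_rel32_target(api, DETOURED_PROLOGUE));
    printf("\nhotpatch : %s\n", names[classify_prologue(HOTPATCHED_PROLOGUE, sizeof HOTPATCHED_PROLOGUE)]);
    printf("detoured prologue differs from clean copy: %d\n",
           prologue_differs(DETOURED_PROLOGUE, CLEAN_PROLOGUE, 5));
    return 0;
}
```

The pattern check alone has false positives (a function may legitimately begin with a `push imm32` or a `jmp`), which is why samples usually pair it with the disk-versus-memory compare. Any hook that rewrites the first bytes of the target in the analysed process's own address space is visible to one or the other, which is the gap the post describes Hades as having been written to close; the post does not say how, so this example only shows the detection side.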
Blog Comments
ROH
Posted: Thursday, August 25 2011 16:26.20 CDT
Does it work with Windows 7?
jraber
Posted: Wednesday, August 31 2011 08:39.43 CDT
I haven't had a chance to test that yet. Most of the time I am looking at malware on XP; however, in the next couple of weeks I will be looking at some on 7. As long as DEP is turned off it should work. Will let you know in a few weeks for sure.
Jason Raber