About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
OllyDbg Plugins
: AttachAnyway
File Information
Category
Open Source
# Downloads
Version
OllyDbg Plugins
Yes
8,975
0.3
Download from OpenRCE
MD5 Sum: 4CFFB34852761B1D0EBAB0061D04BD81
Last updated on Sep 7, 2005 with the following description: Updated to detect Piotr's anti-debugger-attach method two.
Author Information
Username
Name
E-Mail
URL
joestewart
Joe Stewart
jstewart
lurhq
com
http://www.joestewart.org/
Description
AttachAnyway is a PoC OllyDbg plugin designed to show how to remove a process' hook on NtContinue by the anti-debugger-attach method devised by Piotr Bania here:
http://pb.specialised.info/all/anti-dattach.asm
This is not intended to be a universal plugin for all anti-attach methods, just one example of how you can do it. It works by enumerating all processes, searching their virtual memory space for a JMP hook on the NtContinue method, then replacing the jump with the original bytes from a non-hooked process, then calling the OllyDbg Attachtoactiveprocess API.
attach-test.exe is an assembled version of Piotr's anti-dattach.asm you can use to test the plugin with.
There are
28,631
total registered users.
Recently Created Topics
windbg - olly/immunity
May/14
Reverse a WinRAR pac...
May/13
Add comments to resu...
May/10
can we code script ...
May/09
Type Casting Structu...
May/07
How to Reverse Engin...
May/03
Sulley on OS X (10.7)
May/01
Help me guys
May/01
IDA Resource Viewer ...
Apr/28
How do i use plugins...
Apr/27
Recent Forum Posts
windbg - olly/immunity
blowcheck
Help me guys
Olivier
Reverse a WinRAR pac...
NirIzr
windbg - olly/immunity
anonymouse
Reverse a WinRAR pac...
DriEm
Add comments to resu...
phn1x
IDA Resource Viewer ...
DriEm
Add comments to resu...
qiuhan
IDA Resource Viewer ...
waleeda...
IDA Resource Viewer ...
DriEm
Recent Blog Entries
waleedassar
Apr/20
OllyDbg NumberOfSections Crash
icegood
Apr/13
Advanced labels plugin for ...
waleedassar
Mar/31
GetModuleFileNameEx And Inf...
waleedassar
Mar/31
OllyDbg v1.10 And Wow64
waleedassar
Mar/29
OllyDbg Resource Table Pars...
More ...
Recent Blog Comments
raxen
on:
Mar/27
Anti-Dumping
Dallas
on:
Mar/22
ChapljaVM Code Obfuscator
Dallas
on:
Mar/22
Hack stuff, get paid
Dallas
on:
Mar/22
Exe Packer TAGGANT system f...
Dallas
on:
Mar/22
Olly2 SystemTray Plugin
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}