ADHD - Another Debugger Hiding Driver
File Information
Category: Other
Open Source: Yes
# Downloads: 3,862
Version: 0.0.8
Download from OpenRCE
MD5 Sum: 1B6DFB7882C12A92910D8288D5199138
Last updated on Oct 5, 2006.
Author Information
Username: AlanBradley
Name: Alan Bradley
E-Mail: abradley [at] fastmail [dot] fm
URL: http://
Description
ADHD - Another Debugger Hiding Driver
This is a kernel driver that obscures some of the ways a debugger can be detected from userland.
1. Resets PEB->BeingDebugged flag
2. Hooks ZwQueryInformationProcess to zero DebugPort
3. Protects DbgUiRemoteBreakin and DbgBreakpoint from modifications
4. Resets parent PID to explorer.exe
5. Blocks ZwSetInformationProcess(ThreadHideFromDebugger)
Stuff you still need to do:
1. Exception re-delivery. This is handled by good userland debuggers.
2. Hide your debugger process with FUTo.
3. Obfuscate your debugger's title with an injected DLL (Use CLU+Tron)
4. Software breakpoint scanning (Use CLU+Tron)
5. Wall clock time (script your debugger or use tracing)