About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Store Users What's New


Customize Theme

Flag: Tornado! Hurricane!

Other: ADHD - Another Debugger Hiding Driver

File Information
Category Open Source # Downloads Version
Other Yes 2,378 0.0.8

Download from OpenRCE
MD5 Sum: 1B6DFB7882C12A92910D8288D5199138

Last updated on Oct 5, 2006.

Author Information
Username Name E-Mail URL
 AlanBradley Alan Bradley abradleyfastmailfm http://

Description ADHD - Another Debugger Hiding Driver

This is a kernel driver that obscures some of the ways a debugger can be detected in Userland.

1. Resets PEB->BeingDebugged flag
2. Hooks ZwQueryInformationProcess to zero DebugPort
3. Protects DbgUiRemoteBreakin and DbgBreakpoint from modifications
4. Resets parent PID to explorer.exe
5. Blocks ZwSetInformationProcess(ThreadHideFromDebugger)

Stuff you still need to do:

1. Exception re-delivery. This is handled by good userland debuggers.
2. Hide your debugger process with FUTo.
3. Obfuscate your debugger's title with an injected DLL (Use CLU+Tron)
4. Software breakpoint scanning (Use CLU+Tron)
5. Wall clock time (script your debugger or use tracing)

There are 16,600 total registered users.


Recently Created Topics
how to crate a PATC...
Mar/10
wsnpoem audio.dll
Mar/09
suggestions - RE tra...
Mar/09
Requesting Suggestio...
Mar/06
Force enable debug p...
Mar/05
upgrading new image ...
Mar/03
upgrading new image ...
Mar/03
upgrading new image ...
Mar/03
Can some one give me...
Mar/02
Error in generating ...
Feb/28


Recent Forum Posts
wsnpoem audio.dll
zhane
suggestions - RE tra...
Silkut
how to crate a PATC...
Silkut
suggestions - RE tra...
RolfRolles
wsnpoem audio.dll
debbie
Requesting Suggestio...
secursig
Requesting Suggestio...
phn1x
how to get executabl...
RabidCi...
how to get executabl...
RabidCi...
Force enable debug p...
Silkut


Recent Blog Entries
RolfRolles
Mar/08
Compiler Optimizations for ...
ReWolf
Mar/04
When memory management goes...
thesprawler
Feb/20
log1949.txt -- Wondering ho...
thesprawler
Feb/20
log1949.log -- created on C...
thesprawler
Feb/17
Trying to reverse the firmw...
More ...


Recent Blog Comments
Boken on:
Mar/12
Compiler Optimizations for ...
wildinto on:
Mar/10
Compiler Optimizations for ...
Orr on:
Mar/10
Compiler Optimizations for ...
bughoho on:
Mar/09
Compiler Optimizations for ...
cliffwolf on:
Mar/08
Compiler Optimizations for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit