09-05-2019, 09:05 AM
.Now more and more 64-bit system, ollydbg is a very useful debugger, but in 64-bit system, can not find support ollydbg hidden plugin, so I coded Sharpod plugin
.Use with the Strong plugin. Other hidden plugins may cause conflicts, such as: PhantmOm ScyllaHide
Novice recommended configuration
.Use with the Strong plugin. Other hidden plugins may cause conflicts, such as: PhantmOm ScyllaHide
Novice recommended configuration
![[صورة مرفقة: FB1Kkwy.jpg]](https://i.imgur.com/FB1Kkwy.jpg)
![[صورة مرفقة: W3hZGwa.jpg]](https://i.imgur.com/W3hZGwa.jpg)
- Hide Peb64
- Change Caption (random all (window & sub windows & menu) caption)
- Hide Process
- Fake ParentProcess
- Show CrashInfo
- Hook *ZwFunctions (This function mainly reference to Strong Plugin driver source)
- Remove DebugPrivileges
- VMP3.1(above) (VMP3.1 or later uses the syscall privilege command to query ProcessDebugFlags )
- Protect Drx
Driver
- Hook SSDT (invalid)
- Hook ShadowSSDT(invalid)
- restore DebugObject ValidAccessMask
- Bypass ObjectHook(Process&Thread)
I tested the following protection ,working my WIN7 and WIN10 64-bit system
- Safengine NetLicenseor v2.3.9.0
- WinLicense_x32_x64_v2.3.9.0
- Themida_x32_x64_v2.4.6.0
- VMProtect 2.x - 3.1.2
- VProtect Pro 2.1
- Obsidium v1.5.2
- ZProtect v1.6
- Yoda's Protect v1.03
http://s2.dosya.tc/server8/cv9m5a/SharpOD_x64_v0.6b-password_123_.rar.html
![[صورة مرفقة: 19nmZG.png]](https://i.hizliresim.com/19nmZG.png)
![[صورة مرفقة: myqo12o.gif]](https://i.hizliresim.com/myqo12o.gif)
![[صورة مرفقة: mi11ud7.gif]](https://i.hizliresim.com/mi11ud7.gif)
![[صورة مرفقة: gzg6wvl.gif]](https://i.hizliresim.com/gzg6wvl.gif)