09-12-2020, 11:27 AM
Themida 3.x Anti-Debugger x64dbg Plugin
x64dbg plugin to bypass Themida 3.x Anti-Debugger / VM / Monitoring programs checks (64bits only)
x64dbg
DLL injection (LoadLibrary)
Hooks (MinHook)
Usage
Download the latest version of Themidie and extract Themidie.dll and Themidie.dp64 to x64dbg's plugins folder
Download the latest version of ScyllaHide and extract HookLibraryx64.dll and ScyllaHideX64DBGPlugin.dp64 to x64dbg's plugins folder
![[صورة مرفقة: 9JJZ9G.png]](https://i.hizliresim.com/9JJZ9G.png)
Start x64dbg, click on the plugins tab, go to ScyllaHide -> Options
![[صورة مرفقة: EpDVZV.png]](https://i.hizliresim.com/EpDVZV.png)
Disable everything, enable "Kill Anti-Attach" only and click on the "OK" button
![[صورة مرفقة: rvLWTR.png]](https://i.hizliresim.com/rvLWTR.png)
Go back to the plugins tab, go to Themidie -> Start, then select and open the executable that you want to debug
![[صورة مرفقة: pTxiXQ.png]](https://i.hizliresim.com/pTxiXQ.png)
When this MessageBox will apear, you will be able to attach x64dbg to the target process and debug it.
![[صورة مرفقة: eB628c.png]](https://i.hizliresim.com/eB628c.png)
Hooks
Themidie hooks the following functions:
Module Function name
kernel32.dll GetModuleHandleA
user32.dll FindWindowA
Advapi32.dll RegOpenKeyA
Advapi32.dll RegQueryValueExA
ntdll.dll NtSetInformationThread
ntdll.dll NtQueryVirtualMemory
x64dbg plugin to bypass Themida 3.x Anti-Debugger / VM / Monitoring programs checks (64bits only)
x64dbg
DLL injection (LoadLibrary)
Hooks (MinHook)
Usage
Download the latest version of Themidie and extract Themidie.dll and Themidie.dp64 to x64dbg's plugins folder
Download the latest version of ScyllaHide and extract HookLibraryx64.dll and ScyllaHideX64DBGPlugin.dp64 to x64dbg's plugins folder
Start x64dbg, click on the plugins tab, go to ScyllaHide -> Options
Disable everything, enable "Kill Anti-Attach" only and click on the "OK" button
Go back to the plugins tab, go to Themidie -> Start, then select and open the executable that you want to debug
When this MessageBox will apear, you will be able to attach x64dbg to the target process and debug it.
Hooks
Themidie hooks the following functions:
Module Function name
kernel32.dll GetModuleHandleA
user32.dll FindWindowA
Advapi32.dll RegOpenKeyA
Advapi32.dll RegQueryValueExA
ntdll.dll NtSetInformationThread
ntdll.dll NtQueryVirtualMemory