Awesome
ScyllaHide
ScyllaHide is an advanced open-source x64/x86 user mode Anti-Anti-Debug library. It hooks various functions to hide debugging. This tool is intended to stay in user mode (ring 3). If you need kernel mode (ring 0) Anti-Anti-Debug, please see TitanHide. Forked from NtQuery/ScyllaHide.
ScyllaHide supports various debuggers through plugins:
- OllyDbg v1 and v2
- x64dbg
- Hex-Rays IDA v6 (not supported)
- TitanEngine v2 (original and updated versions)
PE x64 debugging is fully supported with plugins for x64dbg and IDA.
Please note that ScyllaHide is not limited to these debuggers. You can use the standalone command line version of ScyllaHide. You can inject ScyllaHide into any process debugged by any debugger.
More information is available in the documentation (PDF).
License
ScyllaHide is licensed under the GNU General Public License v3.
Special thanks to
- What for his POISON Assembler source code
- waliedassar for his blog posts
- Peter Ferrie for his PDFs
- MaRKuS-DJM for Olly Advanced
- Lim Bio Liong for MS Spy++ style Window Finder