ScyllaHide
ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3). If you need kernelmode (ring0) Anti-Anti-Debug please see TitanHide https://github.com/mrexodia/titanhide.
ScyllaHide supports various debuggers with plugins:
- OllyDbg v1 and v2 http://www.ollydbg.de
- x64dbg http://x64dbg.com or https://github.com/x64dbg/x64dbg
- Hex-Rays IDA v6+ https://www.hex-rays.com/products/ida
- TitanEngine v2 https://bitbucket.org/titanengineupdate/titanengine-update and http://www.reversinglabs.com/open-source/titanengine.html
PE x64 debugging is fully supported with plugins for x64dbg and IDA.
Please note: ScyllaHide is not limited to these debuggers. You can use the standalone commandline version of ScyllaHide. You can inject ScyllaHide in any process debugged by any debugger.
More information is available in the documentation: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHide.pdf
Source code license: GNU General Public License v3 https://www.gnu.org/licenses/gpl-3.0.en.html
Special thanks to:
- What for his POISON Assembler source code https://tuts4you.com/download.php?view.2281
- waliedassar for his blog posts http://waleedassar.blogspot.de
- Peter Ferrie for his PDFs http://pferrie.host22.com
- MaRKuS-DJM for OllyAdvanced assembler source code
- MS Spy++ style Window Finder http://www.codeproject.com/Articles/1698/MS-Spy-style-Window-Finder