crazykid199 / uberstealth
Automatically exported from code.google.com/p/uberstealth
What steps will reproduce the problem?
1. Select "Automatically pass unknown exception to debuggee".
What is the expected output? What do you see instead?
The exceptions are not passed to the debuggee.
Original issue reported on code.google.com by [email protected]
on 18 Sep 2011 at 3:39
What steps will reproduce the problem?
1. Selecting any of the SEH support functions has no effect.
What is the expected output? What do you see instead?
The debugger cannot be halted on SEH or after EIP has changed. Logging doesn't
work as well.
Original issue reported on code.google.com by [email protected]
on 18 Sep 2011 at 3:41
What feature do you suggest?
Implement countermeasures for the anti-debugging technique based on the
GetStartupInfoA API.
Original issue reported on code.google.com by [email protected]
on 13 Sep 2011 at 10:32
What steps will reproduce the problem?
1. Select "Hide debugger windows" under "Stealth Options 2"
What is the expected output? What do you see instead?
The OllyDbg Windows should be hidden from the debuggee.
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 13 Sep 2011 at 7:04
Fix deprecated APIs used in drivers:
(from compiler output)
warning C4996: 'MmCreateMdl': was declared deprecated
warning C4996: 'MmMapLockedPages': was declared deprecated
warning C4996: 'ExAllocatePool': was declared deprecated
Original issue reported on code.google.com by [email protected]
on 11 Jan 2012 at 9:33
What steps will reproduce the problem?
1. Select any SEH monitoring option.
What is the expected output? What do you see instead?
The debugger cannot be halted on SEH or after EIP has changed. Logging also
doesn't work.
Original issue reported on code.google.com by [email protected]
on 18 Sep 2011 at 5:37
What feature do you suggest?
There should be an option to (at least) write a message to the OllyDbg/IDA log
window whenever the debuggee tries to
1) terminate any process
2) spawn a new process with debugging flags (DEBUG_ONLY_THIS_PROCESS)
3) use WriteProcessMemory on its own address space (e.g. to evade hardware
breakpoints)
4) possibly other events (?)
Ideally, the debuggee should be halted before performing such actions.
Original issue reported on code.google.com by [email protected]
on 13 Sep 2011 at 10:40
[deleted issue]
What steps will reproduce the problem?
1. Select remote windbg debugger
2. Start the debugger
What is the expected output? What do you see instead?
uberstealth should inject the dll into the remote process. Instead it tries to
inject into a local process with the same process id.
Original issue reported on code.google.com by [email protected]
on 24 Feb 2012 at 9:12
What steps will reproduce the problem?
1. Turn on the checkbox "Automatically halt debugger at new EIP after SEH
exception"
What is the expected output? What do you see instead?
I see that when single-step tracing (TF=1), the plugin puts a breakpoint on
every executed line!
What version of the product are you using? On what operating system?
built manually, taken from latest git trunk
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 12 Jan 2012 at 6:49
What feature do you suggest?
Implement countermeasures for the anti-debugging techniques based on the
NtSystemDebugControl API.
Original issue reported on code.google.com by [email protected]
on 13 Sep 2011 at 10:30
What steps will reproduce the problem?
1. Select "Improved NtClose".
2. Start the debugger and let the debuggee close an invalid handle.
What is the expected output? What do you see instead?
The NtClose API raises an exception but the plugin should prevent this.
Please provide any additional information below.
The issue only appears on 64 bit Windows.
Original issue reported on code.google.com by [email protected]
on 26 Sep 2011 at 7:00
What steps will reproduce the problem?
1. Make IDT hook atomic
What is the expected output? What do you see instead?
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 8 Nov 2011 at 7:28
Hidedebugger and uberstealth projects have hardcoded absolute paths inside.
The idea is to base them on some environment variable,
e.g. $(OLLY), $(IDA)
Also, the C++ and Linker sections could reuse these...
Original issue reported on code.google.com by [email protected]
on 11 Jan 2012 at 9:14
What steps will reproduce the problem?
1. Enable uberstealth in IDA.
2. Start the win32 remote debugger.
3. Start the remote stealth server.
What is the expected output? What do you see instead?
The stealth options should be applied to the remote process. Instead
uberstealth tries to inject into a process on the local machine.
Original issue reported on code.google.com by [email protected]
on 18 Sep 2011 at 3:49
What feature do you suggest?
Dll injection upon process startup could be realized via APC injection.
Please provide any additional information below.
One advantage of APC injection is that it is more robust in the presence of
non-standard PE headers. Also, it might be a bit more stealthy since there
would be no image import descriptor entry in the address space pointing at the
name/path of the injected dll.
Original issue reported on code.google.com by [email protected]
on 28 Sep 2011 at 9:47