x64dbg / ScyllaHide

Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
GNU General Public License v3.0

ScyllaHide for Rider or Visual Studio #143

Open Auties00 opened 2 years ago

Auties00 commented 2 years ago

Hello, I'm new to reverse engineering in C++ and I was wondering if there's any way to run an anti-anti-debugger inside a friendly debugger like JetBrains Rider or Visual Studio's. If that's not possible, is there any supported debugger that allows line breakpoints from the source code instead of memory breakpoints? Thanks in advance.

Mattiwatti commented 2 years ago

Yes, you can use the external injector executable (InjectorCLI.exe) for this. See the documentation PDF for usage.

A downside of the external injector is that the process is not hooked until after you run the injector. So if you want to use SH with Visual Studio you may want to do something like

  1. Start process suspended.
  2. Run injector.
  3. Attach debugger to the process.
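
The three steps listed above, as an added PowerShell example that is not part of the thread or of ScyllaHide itself. The paths are placeholders, and the `pid:<PID> <dll>` argument form for InjectorCLI.exe is an assumption to confirm against the documentation PDF.

```powershell
# Added example: start suspended, inject, attach, resume. All paths are placeholders.
param(
    [string]$Target   = 'C:\work\target.exe',                    # hypothetical debuggee
    [string]$Injector = 'C:\tools\ScyllaHide\InjectorCLI.exe',   # placeholder path
    [string]$HookDll  = 'C:\tools\ScyllaHide\HookLibraryx64.dll' # placeholder path
)
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct STARTUPINFO {
    public int cb; public string lpReserved, lpDesktop, lpTitle;
    public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
    public short wShowWindow, cbReserved2;
    public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION {
    public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId;
}
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CreateProcess(string app, System.Text.StringBuilder cmdLine, IntPtr procAttr,
    IntPtr threadAttr, bool inherit, uint flags, IntPtr env, string cwd, ref STARTUPINFO si, out PROCESS_INFORMATION pi);
[DllImport("kernel32.dll", SetLastError = true)] public static extern uint ResumeThread(IntPtr hThread);
[DllImport("kernel32.dll", SetLastError = true)] public static extern bool CloseHandle(IntPtr h);
'@

# Step 1: start the process with its main thread suspended (CREATE_SUSPENDED = 0x4).
$si = New-Object 'Win32.Native+STARTUPINFO'
$si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
$procInfo = New-Object 'Win32.Native+PROCESS_INFORMATION'
$cmdLine = New-Object Text.StringBuilder "`"$Target`""   # CreateProcessW needs a writable buffer
if (-not [Win32.Native]::CreateProcess($Target, $cmdLine, [IntPtr]::Zero, [IntPtr]::Zero, $false,
        0x4, [IntPtr]::Zero, (Split-Path $Target -Parent), [ref]$si, [ref]$procInfo)) {
    throw "CreateProcess failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}

# Step 2: run the injector while no target code has executed yet.
# Assumed argument form (pid:<PID> then DLL path); check the ScyllaHide documentation PDF.
& $Injector "pid:$($procInfo.dwProcessId)" $HookDll

# Step 3: attach the debugger by hand, then let the target run.
Read-Host "Attach the debugger to PID $($procInfo.dwProcessId), then press Enter to resume"
if ([Win32.Native]::ResumeThread($procInfo.hThread) -eq [uint32]::MaxValue) {
    throw "ResumeThread failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
[void][Win32.Native]::CloseHandle($procInfo.hThread)
[void][Win32.Native]::CloseHandle($procInfo.hProcess)
```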

Auties00 commented 2 years ago

> Yes, you can use the external injector executable (InjectorCLI.exe) for this. See the documentation PDF for usage.
>
> A downside of the external injector is that the process is not hooked until after you run the injector. So if you want to use SH with Visual Studio you may want to do something like
>
>   1. Start process suspended.
>   2. Run injector.
>   3. Attach debugger to the process.

I've tried to:

  1. Launch the process normally
  2. Inject with InjectorCLI.exe HookLibarryx64.dll
  3. Attach the debugger to the process

Though the program can still detect that a debugger was used. Did I misinterpret your instructions, or is there simply nothing to do in this case?

wezzzyrek1 commented 2 weeks ago

Same issue. Any better instructions on how to deal with Visual Studio?