x64dbg / ScyllaHide

Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
GNU General Public License v3.0
3.48k stars 434 forks

add support for v8.3 ida pro plugin #162

Open geocine opened 9 months ago

geocine commented 9 months ago

https://github.com/x64dbg/ScyllaHide/issues/97 https://github.com/x64dbg/ScyllaHide/issues/22

I need to focus on the x86 implementation for the ScyllaHideIDAProPlugin, including compiling its documentation. Where is the appropriate place to incorporate this documentation? Additionally, I am not a C++ developer; I'm improvising as I go. Therefore, I welcome any suggestions or revisions necessary for this contribution to be accepted.

I used this Qt version: https://hex-rays.com/blog/ida-8-3-qt-5-15-2-sources-build-scripts/

geocine commented 9 months ago

I simplified this PR further: I removed x86 support for the IDA plugin, as starting with 7.0 IDA has shifted to native 64-bit. Also, on the latest 8.3 SDK I did not see support for x86.

I removed the overcomplicated compilation steps which involved Qt. I utilized the GetForegroundWindow function instead, like how it has been used in previous PRs. This PR should be ready for review.

geocine commented 9 months ago

https://github.com/x64dbg/ScyllaHide/commit/50c9efa33a614effaaf6a59ba9012786f7fcde2a

I am not really sure what OtherOperationCount is, you guys can check my code.

mrexodia commented 9 months ago

Didn't forget about this, just been busy...

Mattiwatti commented 9 months ago

Re: OtherOperationCount: you can probably ignore this as I've seen this test fail reliably outside of IDA too. So I think this is just a buggy test we need to fix separately. Or is it somehow working on your machine, except when running in IDA?

I expect it will fail the same way if you run the test in a different debugger, if so you can just ignore it.

mrexodia commented 8 months ago

I made some minor changes and it looks like GitHub Actions is now happy. We could merge it as-is already, but are you sure everything is working? It seems like the IDA server executable might not work correctly in this configuration, but I didn't test yet...

What were the rough steps you took to get this working and was it with the local debugger or the remote one?

geocine commented 8 months ago

> What were the rough steps you took to get this working and was it with the local debugger or the remote one?

To be honest I have limited knowledge of IDA and reversing. I only tested it on a binary that has a debug protection by loading it on IDA and pressing debug.

Slluxx commented 4 months ago

The latest build does not seem to work.

HookLibraryx64.dll: not IDA DLL file
ScyllaHideIDAProPluginx64.dll) error: Eine DLL-Initialisierungsroutine ist fehlgeschlagen. ( A DLL initialization routine failed.)
ScyllaHideIDAProPluginx64.dll: can't load file