📄 phantom.dpr
library PhantOm;
{ Important note about DLL memory management: ShareMem must be the
first unit in your library's USES clause AND your project's (select
Project-View Source) USES clause if your DLL exports any procedures or
functions that pass strings as parameters or function results. This
applies to all strings passed to and from your DLL--even those that
are nested in records and classes. ShareMem is the interface unit to
the BORLNDMM.DLL shared memory manager, which must be deployed along
with your DLL. To avoid using BORLNDMM.DLL, pass string information
using PChar or ShortString parameters. }
//------------------------------------------------------------------------------------------------------------
//{$R *.res}
{$R 'PhantOm.res' 'PhantOm.rc'}
//------------------------------------------------------------------------------------------------------------
//
uses
Windows,
Messages,
SysUtils,
ShellAPI,
System,
Plugin;
// Plugin-wide state. Only some of these globals are assigned in the code
// visible here; the others are documented by name only.
var
// Main OllyDbg window handle, stored by ODBG_Plugininit.
g_hwndOlly: HWND;
g_hmodOlly: HMODULE;
//
// Set by ODBG_Plugininit from GetModuleHandle(g_strPluginName).
g_hmodPlugin :HMODULE;
// Despite the name, ODBG_Plugininit stores the DIRECTORY of the host
// executable here (ExtractFilePath of GetModuleFileName(0, ...)).
g_strPluginName :string;
g_dwPluginVer :DWORD;
// Last value returned by mg_GetTickCount.
g_dwCount : DWORD;
g_bRunOptionLog : DWORD;
g_dwDELTARDTSC :DWORD;
//
// Handle of the options dialog; mg_SaveCheckDlgBtn passes it to GetDlgItem.
g_hwndOption : HWND;
//
// Not assigned in the visible code; presumably cached module handles and
// entry-point addresses for ntdll/kernel32 -- TODO confirm.
g_hmodNTDLL: HMODULE;
g_hmodKERNEL: HMODULE;
g_procDbgBreakPoint : Pointer;
g_procRtlRaiseException:Pointer;
//
// One DWORD per option. The names mirror the IDC_CHK_* checkbox ids;
// where they are loaded and consumed is not visible in this part of the
// file -- presumably 0 = off, non-zero = on, confirm.
g_bHookRDTSC :DWORD;
g_bHideOllyDbgWin :DWORD;
g_bHookNtSetContextThread :DWORD;
g_bLoadDriver :DWORD;
g_bHideFromPEB :DWORD;
g_bProtectDRx :DWORD;
g_bPathODStringAndFPUBugs :DWORD;
g_bHookBlockInput :DWORD;
g_bHookGetTickCount :DWORD;
g_bHookGetProcessTimes :DWORD;
g_bRemoveEPBreak :DWORD;
g_bCustomHandlerExcept :DWORD;
g_bChangeOllyDbgCaption :DWORD;
// Display strings for the plugin.
// NOTE(review): ODBG_Plugindata and ODBG_Plugininit pass the same text as
// hard-coded literals and have their references to these constants
// commented out, so a change here must be repeated in those two functions.
resourcestring
PLUGIN_NAME = 'PhantOm';
PLUGIN_VER = '1.20';
PLUGIN_DEV = 'Hellsp@wn &Archer';
//--------------------------------------------------------------------------------------------------------
//
// Control ids of the options dialog. mg_SaveCheckDlgBtn passes the
// IDC_CHK_* values to GetDlgItem to read each checkbox state.
// NOTE(review): presumably these must match the ids in PhantOm.rc -- confirm.
const IDC_BTN_SAVE = 107 ;
const IDC_CHK_HookRDTSC = 308 ;
const IDC_CHK_HideOllyDbgWin = 312 ;
const IDC_CHK_HookNtSetContextThread = 304;
const IDC_CHK_LoadDriver = 303 ;
const IDC_CHK_HideFromPEB = 301 ;
const IDC_CHK_ProtectDRx = 302 ;
const IDC_CHK_PathODStringAndFPUBugs = 305;
const IDC_CHK_HookBlockInput = 306 ;
const IDC_CHK_HookGetTickCount = 307 ;
const IDC_CHK_HookGetProcessTimes = 309;
const IDC_CHK_RemoveEPBreak = 310 ;
const IDC_CHK_CustomHandlerExcept = 311;
const IDC_CHK_ChangeOllyDbgCaption = 313;
//--------------------------------------------------------------------------------------------------------
//
function mg_GetTickCount():Integer;
// Returns a 32-bit counter sample and also stores it in g_dwCount.
// The high-resolution performance counter is used when available (only its
// low 32 bits are kept); otherwise the value of GetTickCount is returned.
// NOTE(review): the two sources use different units (performance-counter
// ticks vs. milliseconds), so callers should not compare values that came
// from different branches.
var
  qpcTicks: Int64;
begin
  if Integer(QueryPerformanceCounter(qpcTicks)) = 0 then
    Result := GetTickCount()
  else
    Result := Integer(qpcTicks);
  g_dwCount := Result;
end;
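function mg_GetModuleName( {hModule:HMODULE} ):string;
// Returns the full path of the executable that created the current process
// (GetModuleFileName with a module handle of 0), NOT the path of this DLL.
// Returns '' if the API call fails, because the buffer is zeroed first.
var
  pathBuf: array[0..MAX_PATH] of Char;
begin
  // SizeOf gives the byte size, so the whole buffer is cleared even when
  // Char is wider than one byte.
  FillChar(pathBuf, SizeOf(pathBuf), 0);
  // Offer one element less than the buffer holds: on a truncated result
  // some Windows versions write no terminator, and the untouched last
  // element then guarantees the string still ends inside the buffer.
  GetModuleFileName(0, pathBuf, Length(pathBuf) - 1);
  Result := pathBuf;
end;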
//--------------------------------------------------------------------------------------------------------
//
function ODBG_Plugindata(name: PChar): Integer; cdecl;
// Plugin identification callback: copies the plugin's short name into the
// caller-supplied buffer and returns the plugin interface version this
// DLL was built against (PLUGIN_VERSION).
const
  cNameLimit = 32; // maximum number of characters StrLCopy may copy
begin
  Result := PLUGIN_VERSION;
  StrLCopy(name, 'PhantOm', cNameLimit);
end;
//--------------------------------------------------------------------------------------------------------
//
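function ODBG_Plugininit(ollydbgversion: Integer; hWndOlly: HWND; features: PULONG): Integer; cdecl;
// Plugin initialisation callback.
//   ollydbgversion - version reported by the host; must be >= PLUGIN_VERSION
//   hWndOlly       - main host window handle, stored in g_hwndOlly
//   features       - not used by this function
// Returns 0 on success, or -1 (after logging the reason) when the host
// version or the operating-system family is not supported.
begin
  if (ollydbgversion < PLUGIN_VERSION) then
  begin
    Addtolist(0, 1, 'Only for OllyDbg 1.10');
    Result := -1;
    Exit;
  end;
  // The OS family is reported by Win32Platform. The earlier test compared
  // Win32MinorVersion with 2, which refused Windows 2000 (5.0) and XP (5.1)
  // even though the message below names them as supported.
  if (Win32Platform <> VER_PLATFORM_WIN32_NT) then
  begin
    Addtolist(0, 1, 'Only for Windows 2000/XP/NT');
    Result := -1;
    Exit;
  end;
  // Save the host window handle.
  g_hwndOlly := hWndOlly;
  Addtolist(0, 1, '');
  Addtolist(0, 1, 'PhantOm plugin %s','1.20');//PLUGIN_VER);
  Addtolist(0, -1, ' by %s','Hellsp@wn &Archer');//PLUGIN_DEV);
  // mg_GetModuleName returns the host executable's path, so this stores the
  // host's directory (with trailing delimiter), not the plugin's file name.
  g_strPluginName := ExtractFilePath( mg_GetModuleName( ) );
  // NOTE(review): GetModuleHandle is given a directory path here, which is
  // not a module name, so g_hmodPlugin is most likely 0 afterwards. If the
  // DLL's own handle is what is wanted, HInstance already holds it --
  // confirm against the code that reads g_hmodPlugin before changing.
  g_hmodPlugin := GetModuleHandle( PChar(g_strPluginName) );
  Result := 0;
end;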
//--------------------------------------------------------------------------------------------------------
//
function ODBG_Pluginmenu(origin: Integer; pData: PChar; pItem: Pointer): Integer; cdecl;
// Menu callback: for the main window (PM_MAIN) writes the menu description
// string into pData and returns 1; for every other origin returns 0 and
// leaves pData untouched. pItem is not used.
begin
  if origin <> PM_MAIN then
  begin
    // No menu is offered in any other window.
    Result := 0;
    Exit;
  end;
  // Entries of the plugin menu shown in the main window.
  StrCopy(pData, '0 Options, | 1 About');
  Result := 1;
end;
//--------------------------------------------------------------------------------------------------------
//
procedure mg_SaveCheckDlgBtn() ;
var
iHideOD : Integer;
iHKNtSetContextThread :Integer;
iLoadDriver :Integer;
iRes : Integer;
begin
iHideOD := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HideOllyDbgWin ),
BM_GETCHECK,0,0);
iHKNtSetContextThread := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HookNtSetContextThread ),
BM_GETCHECK,0,0);
iLoadDriver := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_LoadDriver ),
BM_GETCHECK,0,0);
if( (iHideOD = 0) and (iHKNtSetContextThread = 0) ) then
begin
MessageBox( g_hwndOption ,
'Hide OllyDbg Windows -> using driver! please turn load driver option on.',
'Option Warnning !',MB_OK or MB_ICONASTERISK);
SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HideOllyDbgWin ),
BM_SETCHECK,0,0);
Pluginwriteinttoini( HInstance {g_hmodOlly} , 'WINDOWS',0 );
Exit;
end;
if ( (iHKNtSetContextThread = 0) and (iLoadDriver = 0) ) then
begin
MessageBox( g_hwndOption ,
'Hook NtSetContextThread -> using driver! please turn load driver option on.',
'Option Warnning !',MB_OK or MB_ICONASTERISK);
SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HookNtSetContextThread ),
BM_SETCHECK,0,0);
Pluginwriteinttoini( HInstance {g_hmodOlly} , 'SETCONTEXT',0 );
Exit;
end;
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HideFromPEB ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'PEB', iRes);
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HookGetTickCount ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'GETCOUNT', iRes);
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_ProtectDRx ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'DRX', iRes);
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HookNtSetContextThread ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'SETCONTEXT', iRes);
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_PathODStringAndFPUBugs ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'DEBSTRING', iRes);
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HookBlockInput ),
BM_GETCHECK,0,0);