unit mgPhantOm;
interface
uses
Windows,
Messages,
SysUtils,
ShellAPI,
Plugin;
var
// Handles of the hosting OllyDbg window and module. Nothing in this unit
// assigns them; presumably the plugin entry point fills them in — confirm.
g_hwndOlly: HWND;
g_hmodOlly: HMODULE;
//
// Module handle this plugin was loaded at. mg_ModfiyDbgBreakPoint adds its
// hard-coded patch offsets to this value, so it must be set before that call.
g_hmodPlugin :HMODULE;
g_strPluginName :string;
g_dwPluginVer :DWORD;
g_dwCount : DWORD;
// Despite the "b" prefix this is a DWORD, as are the g_b* option flags below;
// callers presumably treat 0 as false and non-zero as true — verify.
g_bRunOptionLog : DWORD;
g_dwDELTARDTSC :DWORD;
//
// Window handle of the option dialog. Not used in this unit.
g_hwndOption : HWND;
//
// ntdll / kernel32 module handles and two raw function pointers.
// None of them is used in this unit.
g_hmodNTDLL: HMODULE;
g_hmodKERNEL: HMODULE;
g_procDbgBreakPoint : Pointer;
g_procRtlRaiseException:Pointer;
//
// Option flags. None of them is read anywhere in this unit; the mg_* functions
// below are stubs, so the flags are presumably consumed elsewhere — confirm.
g_bHookRDTSC :DWORD;
g_bRDTSCLogon :Boolean;
g_bHideOllyDbgWin :DWORD;
g_bHookNtSetContextThread :DWORD;
g_bLoadDriver :DWORD;
g_bDriverLogon :Boolean;
g_bHideFromPEB :DWORD;
g_bProtectDRx :DWORD;
g_bPathODStringAndFPUBugs :DWORD;
g_bHookBlockInput :DWORD;
g_bHookGetTickCount :DWORD;
g_bHookGetProcessTimes :DWORD;
g_bRemoveEPBreak :DWORD;
g_bCustomHandlerExcept :DWORD;
g_bChangeOllyDbgCaption :DWORD;
g_bChangeOllyCPUCaption :DWORD;
//
// Last debug event code and a pointer to the event record. PDebugEvent is
// not declared here; it comes from one of the units in the uses clause
// (Windows declares a PDebugEvent) — confirm.
g_dwDbgEventCode :DWORD;
g_DebugEvent :PDebugEvent;
// Flags whose purpose was unclear to the original author. The hex values in
// the trailing comments are addresses noted in the original source.
g_bUnkLogon1 : BOOL; //893ABC
g_dwWriteBufNull : DWORD; //893AD4
//
g_BreakPointTypeAddr :DWORD;
//--------------------------------------------------------------------------------------------------------
//
// Externally accessible interface declarations.
// Each returns an Integer status; every implementation in this unit
// currently returns 0 without doing any work (stubs).
function mg_HideOllyDbgWin() :Integer;
function mg_LoadDriver():Integer;
function mg_ExitDriver():Integer;
function mg_LoadRDTSC():Integer;
function mg_ExitRDTSC():Integer;
//================================================
//
// In-process code patching. Only mg_ModfiyDbgBreakPoint has a body; the
// other two are empty stubs. "Modfiy" is the original spelling and is part
// of the exported interface, so it is kept as-is.
procedure mg_ModfiyDbgBreakPoint();
procedure mg_ModfiyNtQueryInformationProcess();
procedure mg_ModfiyBlockInput();
implementation
//--------------------------------------------------------------------------------------------------------
//
//具体实现(如声明的函数,过程的实现)
function mg_HideOllyDbgWin() :Integer;
// Stub: performs no action and always reports status 0.
begin
  mg_HideOllyDbgWin := 0;
end;
function mg_LoadDriver():Integer;
// Stub: no driver is loaded; always reports status 0.
begin
  mg_LoadDriver := 0;
end;
function mg_ExitDriver():Integer;
// Stub: nothing is unloaded; always reports status 0.
begin
  mg_ExitDriver := 0;
end;
function mg_LoadRDTSC():Integer;
// Stub: performs no action and always reports status 0.
begin
  mg_LoadRDTSC := 0;
end;
function mg_ExitRDTSC():Integer;
// Stub: performs no action and always reports status 0.
begin
  mg_ExitRDTSC := 0;
end;
//--------------------------------------------------------------------------------------------------------
//
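procedure mg_ModfiyDbgBreakPoint();
// Patches three bytes of code inside the module at g_hmodPlugin, in the
// current process:
//   g_hmodPlugin + $034E37 : 74 xx (JE rel8) -> 90 90 (two NOPs)
//   g_hmodPlugin + $034E44 : one byte        -> EB    (JMP rel8)
// The patch is applied only while the first byte is still $74, so a second
// call is a no-op. The offsets are hard-coded, so they are only valid for
// the exact build they were taken from; any other build fails the $74 check
// and is left untouched rather than being patched at the wrong place.
// Changes from the original: the g_hmodPlugin = 0 case no longer
// dereferences address $034E37; the redundant (byte <> $90) test is dropped
// since (byte = $74) already implies it; and every WriteProcessMemory result
// is checked, so a failed write stops the sequence instead of silently
// leaving a half-applied patch.
var
  patchBase : DWORD;

  // Writes one byte at addr in the current process. True only when
  // WriteProcessMemory succeeds and reports exactly one byte written.
  function WriteByteAt(addr: DWORD; value: Byte): Boolean;
  var
    written : DWORD;
  begin
    written := 0;
    if WriteProcessMemory(GetCurrentProcess(), Pointer(addr), @value, $01, written) then
      Result := (written = $01)
    else
      Result := False;
  end;

begin
  // Without a module handle the offsets point into page zero; nothing to do.
  if g_hmodPlugin = 0 then
    Exit;

  patchBase := g_hmodPlugin + $034E37;

  // Only patch the expected JE opcode; anything else (already patched, or
  // a different build) is left alone.
  if PByte(patchBase)^ <> $74 then
    Exit;

  // JE rel8 -> NOP NOP
  if not WriteByteAt(patchBase, $90) then
    Exit;
  if not WriteByteAt(patchBase + $01, $90) then
    Exit;

  // Branch at +$034E44 -> unconditional short jump
  if not WriteByteAt(g_hmodPlugin + $034E44, $EB) then
    Exit;
end;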
//--------------------------------------------------------------------------------------------------------
//
// Stub: declared in the interface but has no body yet; calling it does nothing.
procedure mg_ModfiyNtQueryInformationProcess();
begin
end;
// Stub: declared in the interface but has no body yet; calling it does nothing.
procedure mg_ModfiyBlockInput();
begin
end;
end.