📄 phantom.dpr
Pluginwriteinttoini( HInstance , 'CAPTION', iRes);
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HookGetProcessTimes ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'GETTIMES', iRes);
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_RemoveEPBreak ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'REMOVEEP', iRes);
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_CustomHandlerExcept ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'HANDLE', iRes);
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HideOllyDbgWin ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'WINDOWS', iRes);
iWin := iRes; //mov esi,ebx
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_LoadDriver ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance , 'DRIVER', iRes);
//添加程序调用:
if( iWin = 1) then
begin
ival1 := mg_HideOllyDbgWin();
if( ival1 <> 0 )then
begin
Addtolist( 0, -1, 'Status:Ord not found(code = %d).',ival1 );
end;
end;
if((iRes = 1)and(g_bDriverLogon <> False)) then
begin
if((iWin <> Integer(g_bHideOllyDbgWin))or(iSetContext <> Integer(g_bHookNtSetContextThread))) then
begin
mg_ExitDriver();
g_bDriverLogon := False;
end;
end;
g_bHideOllyDbgWin := iWin;
g_bHookNtSetContextThread := iSetContext;
if((iRes = 1)and(g_bDriverLogon <> False)) then
begin
Addtolist( 0, -1 , 'Status: Driver already loaded.' );
end;
if( (iRes = 0)and(g_bDriverLogon <> False ) ) then
begin
mg_ExitDriver();
end;
if( (iRes = 1)and(g_bDriverLogon = False ) ) then
begin
ival1 := mg_LoadDriver();
if( ival1 = 0 ) then
begin
Addtolist( 0, -1 , 'Status: Driver Loaded .');
g_bDriverLogon := True;
end
else
begin
Addtolist( 0, -1, 'Status: Driver not loaded (code = %d) .',ival1);
g_bDriverLogon := False;
end;
end;
iRes := SendMessage(GetDlgItem( g_hwndOption , IDC_CHK_HookRDTSC ),
BM_GETCHECK,0,0);
Pluginwriteinttoini( HInstance ,'RDTSC', iRes);
if( (iRes = 1) and ( g_bRDTSCLogon <> False ) )then
begin
Addtolist( 0, -1, 'Status: RDTSC already hooked .');
end;
if( (iRes = 0) and ( g_bRDTSCLogon <> False ) )then
begin
mg_ExitRDTSC();
end;
if( (iRes = 1) and ( g_bRDTSCLogon = False ))then
begin
ival2 := mg_LoadRDTSC();
if( ival2 = 0 )then
begin
Addtolist( 0, -1 , 'Status: RDTSC hooked .');
g_bRDTSCLogon := True;
end
else
begin
Addtolist( 0, -1, 'Status: RDTSC not hooked (code = %d) .',ival2);
g_bRDTSCLogon := False;
end;
end;
if( Getstatus() <> STAT_NONE) then
begin
MessageBox(g_hwndOlly ,
'Please restart prog to apply changes .',
'Warnning!', MB_OK or MB_ICONASTERISK );
end;
g_bRunOptionLog := 1;
EndDialog( g_hwndOption, 0 );
end;
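// Loads the plugin options from the INI store into the global flags and
// mirrors each one onto its check box in the options dialog.
//
// The stored 'VERSION' value is checked first. Anything other than $78 is
// treated as a settings layout from another plugin version: every option is
// reset to its default in the INI store and the procedure returns without
// touching the globals (other than g_dwPluginVer) or the dialog controls.
//
// g_hwndOption is assigned in the dialog procedure's WM_INITDIALOG branch.
// ODBG_Pluginreset also calls this routine, so the handle may not refer to a
// live dialog at that point.
// NOTE(review): confirm the SendMessage calls are harmless in that case.
//
// NOTE(review): values read from the INI store are copied unvalidated into
// the globals and passed as the BM_SETCHECK state. A hand-edited value other
// than 0 or 1 is not normalised here; consider clamping once the global
// types are confirmed.
procedure mg_InitCheckDlgBtn() ;
var
  dwRes : DWORD;

  // Sets the check state of one control of the options dialog.
  procedure SetCheck( ctrlId : Integer ; state : DWORD );
  begin
    SendMessage(GetDlgItem( g_hwndOption , ctrlId ), BM_SETCHECK, state, 0);
  end;

begin
  dwRes := Pluginreadintfromini( HInstance , 'VERSION' , 0 );
  g_dwPluginVer := dwRes;
  // A missing key reads back as 0, which also differs from $78, so a single
  // comparison covers both the "no settings yet" and "other version" cases.
  if( g_dwPluginVer <> $78 )then
  begin
    Addtolist( 0 ,0 ,'Status: Old version foun, all option were discarded!');
    Pluginwriteinttoini( HInstance , 'PEB' , $0000);
    Pluginwriteinttoini( HInstance , 'GETCOUNT' , $0000);
    Pluginwriteinttoini( HInstance , 'DRX' , $0000);
    Pluginwriteinttoini( HInstance , 'SETCONTEXT' , $0000);
    Pluginwriteinttoini( HInstance , 'DEBSTRING' , $0000);
    // 'WINVER' is reset here but is not read back anywhere in this procedure.
    Pluginwriteinttoini( HInstance , 'WINVER' , $0000);
    Pluginwriteinttoini( HInstance , 'GETTIMES' , $0000);
    Pluginwriteinttoini( HInstance , 'REMOVEEP' , $0000);
    Pluginwriteinttoini( HInstance , 'HANDLE' , $0000);
    Pluginwriteinttoini( HInstance , 'WINDOWS' , $0000);
    Pluginwriteinttoini( HInstance , 'DRIVER' , $0000);
    Pluginwriteinttoini( HInstance , 'CAPTION' , $0000);
    Pluginwriteinttoini( HInstance , 'RDTSC' , $0000);
    // 'BLOCK' is loaded below like every other option, so it is reset with
    // them; otherwise a stale value would survive the "all options discarded"
    // reset and re-enable the BlockInput hook option on the next load.
    Pluginwriteinttoini( HInstance , 'BLOCK' , $0000);
    Pluginwriteinttoini( HInstance , 'VERSION' , $0078);
    Pluginwriteinttoini( HInstance , 'DELTARDTSC' , $8800);
    Exit;
  end;

  // Each option: read the stored value (default 0), publish it in its global,
  // then reflect it on the matching check box.
  dwRes := Pluginreadintfromini( HInstance , 'PEB' , $00);
  g_bHideFromPEB := dwRes;
  SetCheck( IDC_CHK_HideFromPEB , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'DRX' , $00);
  g_bProtectDRx := dwRes;
  SetCheck( IDC_CHK_ProtectDRx , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'DRIVER' , $00);
  g_bLoadDriver := dwRes;
  SetCheck( IDC_CHK_LoadDriver , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'RDTSC' , $00);
  g_bHookRDTSC := dwRes;
  SetCheck( IDC_CHK_HookRDTSC , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'SETCONTEXT' , $00);
  g_bHookNtSetContextThread := dwRes;
  SetCheck( IDC_CHK_HookNtSetContextThread , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'DEBSTRING' , $00);
  g_bPathODStringAndFPUBugs := dwRes;
  SetCheck( IDC_CHK_PathODStringAndFPUBugs , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'BLOCK' , $00);
  g_bHookBlockInput := dwRes;
  SetCheck( IDC_CHK_HookBlockInput , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'GETCOUNT' , $00);
  g_bHookGetTickCount := dwRes;
  SetCheck( IDC_CHK_HookGetTickCount , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'GETTIMES' , $00);
  g_bHookGetProcessTimes := dwRes;
  SetCheck( IDC_CHK_HookGetProcessTimes , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'REMOVEEP' , $00);
  g_bRemoveEPBreak := dwRes;
  SetCheck( IDC_CHK_RemoveEPBreak , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'HANDLE' , $00);
  g_bCustomHandlerExcept := dwRes;
  SetCheck( IDC_CHK_CustomHandlerExcept , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'WINDOWS' , $00);
  g_bHideOllyDbgWin := dwRes;
  SetCheck( IDC_CHK_HideOllyDbgWin , dwRes );

  dwRes := Pluginreadintfromini( HInstance , 'CAPTION' , $00);
  g_bChangeOllyDbgCaption := dwRes;
  SetCheck( IDC_CHK_ChangeOllyDbgCaption , dwRes );

  // DELTARDTSC has no check box; it is only stored in its global.
  dwRes := Pluginreadintfromini( HInstance , 'DELTARDTSC' , $00);
  g_dwDELTARDTSC := dwRes;
end;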
//--------------------------------------------------------------------------------------------------------
//
// Dialog procedure of the plugin's options dialog.
//
//   WM_INITDIALOG       remembers the dialog handle in g_hwndOption.
//   WM_SHOWWINDOW       loads the stored options into the check boxes.
//   WM_COMMAND          saves the options when wParam equals IDC_BTN_SAVE.
//   WM_DESTROY/WM_CLOSE saves the options unless g_bRunOptionLog is 1.
//
// The result is always 0, for handled and unhandled messages alike.
function _lpOptinDlgProc( hdlg :HWND ; msg :UINT ; wParam :WPARAM ;lParam :LPARAM):LRESULT;stdcall;
begin
  Result := 0;

  if msg = WM_INITDIALOG then
  begin
    g_hwndOption := hdlg;
  end
  else if msg = WM_SHOWWINDOW then
  begin
    mg_InitCheckDlgBtn();
  end
  else if msg = WM_COMMAND then
  begin
    // The whole wParam is compared, not only its low word.
    if wParam = IDC_BTN_SAVE then
      mg_SaveCheckDlgBtn();
  end
  else if (msg = WM_DESTROY) or (msg = WM_CLOSE) then
  begin
    // mg_SaveCheckDlgBtn sets g_bRunOptionLog to 1 when it finishes, so the
    // options are written at most once per dialog session.
    if g_bRunOptionLog <> 1 then
      mg_SaveCheckDlgBtn();
  end;
end;
//--------------------------------------------------------------------------------------------------------
//
// Plugin menu callback. Only actions raised from the main menu
// (origin = PM_MAIN) are handled:
//   action 0  opens the options dialog (dialog resource 1), parented to the
//             window returned by Plugingetvalue(VAL_HWMAIN);
//   action 1  shows the About box.
// g_bRunOptionLog is cleared on every call, whatever the origin.
procedure ODBG_Pluginaction(origin: Integer; action: Integer; pItem: Pointer); cdecl;
begin
  g_bRunOptionLog := 0;

  if origin <> PM_MAIN then
    Exit;

  if action = 0 then
  begin
    // The handle returned by CreateDialog is not kept or checked here; the
    // dialog procedure stores its own handle on WM_INITDIALOG.
    CreateDialog( HInstance , Windows.MakeIntResource(#01) ,Plugingetvalue( VAL_HWMAIN ),@_lpOptinDlgProc);
  end
  else if action = 1 then
  begin
    // About text (Chinese): states that this build was produced by reverse
    // engineering, is for study and research only, and thanks the original
    // author.
    MessageBox(g_hwndOlly , 'PhantOm 1.20 本程序为逆向而来,并无其他,只供学习研究用,请勿它用!'+
      #10 + '感谢原作者~! -By EasyStudy',
      'About PhantOm ',MB_OK or MB_ICONASTERISK);
  end;
end;
//--------------------------------------------------------------------------------------------------------
//
// Plugin reset callback: calls mg_VirtualFree(nil), then reloads the stored
// options through mg_InitCheckDlgBtn.
// NOTE(review): mg_VirtualFree is defined outside this view; what a nil
// argument releases should be confirmed there.
procedure ODBG_Pluginreset();cdecl;
begin
  mg_VirtualFree(nil);
  mg_InitCheckDlgBtn();
end;
//--------------------------------------------------------------------------------------------------------
//
// Entry points exposed to the host debugger. Each routine is exported under
// an underscore-prefixed name.
// NOTE(review): presumably these are the C-style decorated names the OllyDbg
// plugin loader looks up; confirm against the plugin SDK.
// Of the routines listed, only ODBG_Pluginaction and ODBG_Pluginreset are
// defined in this part of the file.
exports
ODBG_Plugindata name '_ODBG_Plugindata',
ODBG_Plugininit name '_ODBG_Plugininit',
ODBG_Pluginmenu name '_ODBG_Pluginmenu',
ODBG_Pausedex name '_ODBG_Pausedex',
ODBG_Pluginclose name '_ODBG_Pluginclose',
ODBG_Pluginmainloop name '_ODBG_Pluginmainloop',
ODBG_Pluginaction name '_ODBG_Pluginaction',
ODBG_Pluginreset name '_ODBG_Pluginreset';
//--------------------------------------------------------------------------------------------------------
//
// DLL notification handler installed as DllProc by the library's main block.
// Despite its name it only acts on DLL_PROCESS_ATTACH; every other reason,
// including DLL_PROCESS_DETACH, is ignored.
//
// On attach it calls mg_GetTickCount(), marks the driver and the RDTSC hook
// as not loaded, and caches the module handles of ntdll.dll and Kernel32.dll
// together with the addresses of RtlRaiseException and DbgBreakPoint.
// NOTE(review): the GetModuleHandle / GetProcAddress results are stored
// unchecked; code that uses the cached pointers should tolerate nil.
procedure DLLExit(dwReason: DWORD);
begin
  if dwReason <> DLL_PROCESS_ATTACH then
    Exit;

  mg_GetTickCount();

  g_bDriverLogon := False;
  g_bRDTSCLogon := False;

  g_hmodNTDLL := GetModuleHandle('ntdll.dll');
  g_hmodKERNEL:= GetModuleHandle('Kernel32.dll');

  g_procRtlRaiseException := GetProcAddress( g_hmodNTDLL , 'RtlRaiseException');
  g_procDbgBreakPoint := GetProcAddress( g_hmodNTDLL , 'DbgBreakPoint');
end;
//--------------------------------------------------------------------------------------------------------
//
var
  ss:String;
begin
  // Library initialisation.
  // ss is cleared explicitly because the original code tends to leave its
  // variables uninitialised; it is not used afterwards.
  ss := '';
  // Install the DLL notification handler, then run it once by hand for the
  // attach case.
  DllProc := @DLLExit;
  DllProc(DLL_PROCESS_ATTACH);
end.