arm64_silent_syscall_hook
TitanHide
arm64_silent_syscall_hook | TitanHide | |
---|---|---|
1 | 1 | |
95 | 1,956 | |
- | - | |
0.0 | 2.5 | |
over 1 year ago | 4 months ago | |
C | C | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
arm64_silent_syscall_hook
TitanHide
-
How do I debug software that detaches as soon as I attach the debugger
If the poster is using x64dbg, there is another great alternative to ScyllaHide which is SharpOD, get the original files here (chinese website cause chinese author, just use google translate plugin in your browser). Where it really shines through is to remain undetected when ScyllaHide fails to do so, especially when the malware is packed by newer packers like VMProtect 3.5 (very annoying). If that's not enough too, check out TitanHide (risky), also an anti anti debugger but requires disabling PatchGuard beforehand (MUST use virtual machine).
What are some alternatives?
capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings. [Moved to: https://github.com/capstone-engine/capstone]
ScyllaHide - Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
WSAAcceptBackdoor - Winsock accept() Backdoor Implant.
opendragon - Open Redragon drivers for Linux. Currently only supporting some mice.
r77-rootkit - Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
dokany - User mode file system library for windows with FUSE Wrapper