Project Updates

IDAStealth

First of all, the new IDAStealth v1.1 supports remote debugging, has a new WTL based GUI and supports profiles.
As requested by some people, the source now builds out of the box, given you have the required libraries in your include path (see readme for instructions). Some minor bugfixes also made it into the new version.

NCodeHook

Some bugs were fixed in NCodeHook and the library is now able to force usage of absolute jumps for inline hooks. The new IDAStealth has a configuration for this, so if your malware e.g. copies some code which has been hooked beforehand by IDAStealth, it won't crash if absolute addressing mode is used.

NInjectLib

Some minor issues in NInjectLib were fixed and an example has been added which shows how to use the library together with NCodeHook.

That's it for now - as always, if you find bugs please contact me and I'll be glad to fix them :)

Submitted by jan newger on Mon, 11/16/2009 - 01:20

jan newger's blog
Add new comment

Project Updates

IDAStealth

NCodeHook

NInjectLib

Projects

Research

Old Projects

Search