ScyllaHide v1.4 releases: advanced open-source x64/x86 usermode Anti-Anti-Debug library
ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3).
ScyllaHide supports various debuggers with plugins:
- OllyDbg v1 and v2 http://www.ollydbg.de
- x64dbg http://x64dbg.com or https://github.com/x64dbg/x64dbg
- Hex-Rays IDA v6+ https://www.hex-rays.com/products/ida
- TitanEngine v2 https://bitbucket.org/titanengineupdate/titanengine-update and http://www.reversinglabs.com/open-source/titanengine.html
PE x64 debugging is fully supported with plugins for x64dbg and IDA.
Please note: ScyllaHide is not limited to these debuggers. You can use the standalone commandline version of ScyllaHide. You can inject ScyllaHide in any process debugged by any debugger.
Features
- Anti-Anti-Debug
- Process Environment Block (PEB)
- NtSetInformationThread
- NtSetInformationProcess
- NtQuerySystemInformation
- NtQueryInformationProcess
- NtQueryObject
- NtYieldExecution
- NtCreateThreadEx
- OutputDebugStringA (deprecated since v1.3)
- BlockInput
- NtUserFindWindowEx
- NtUserBuildHwndList
- NtUserQueryWindow
- NtSetDebugFilterState
- NtClose
- Remove Debug Privileges
- Hardware Breakpoint Protection (DRx)
- Timing
- Raise Exception
- Special
- DLL Injection
- Prevent Thread Creation
- RunPE Unpacker
- Improved Attach Dialog
- OllyDbg v1 Specific
- Remove entry point breakpoint
- Fix Olly Bugs
- x64 single-step fix
- Skip Entrypoint outside code
- Ignore bad PE image
- Skip compressed code warning
- Skip "load dll" warning
- Break on TLS
- Advanced CTRL+G
- Change window caption
- Special Keyboard Shortcuts
- Custom Toolbar
- Exception Problem
- OllyDbg v2 Specific
- Change window caption
- IDA Specific
- Server Option
- x64dbg Specific
- TitanEngine Specific
Changelog v1.4
- GitHub Actions by @mrexodia @Mattiwatti in #133
- add Process Monitor to blacklisted processes by @rise-worlds in #142
- Add compatibility for VMProtect 3.6+ by @heck-gd in #148
Copyright (C) 2014 Mattiwatti