From Collaborative RCE Tool Library
Tool Hiding Tools
| Tool name: | HideToolz |
|---|---|
| Author: | Ms-Rem |
| Website: | N/A |
| Current version: | 2.2 |
| Last updated: | October 3, 2009 |
| Direct D/L link: | http://fyyre.l2-fashion.de/projects/HideToolz.zip |
| License type: | Free |
| Also listed in: | (Not listed in any other category) |

Description:

This is version 2.2 of HideToolz. Version 2.1 did not work on Windows Vista SP1 or higher. I have modified the device driver so HideToolz now works on Vista SP1 through Windows 7 RTM. -Fyyre

HideToolz is a configurable GUI-based utility that allows hiding of RCE tools from annoying detection (such as Themida). It does so by a kernel mode driver which hooks functions such as NtQueryInformationProcess, NtSetContextThread, NtQuerySystemInformation, NtOpenProcess, NtOpenThread, etc., allowing you to debug 'protected' applications easily.

Features include:

* Hide Processes
* Protect Processes
* Hide Windows
* Protection from Windows hooks
* Emulation of parent process (sets parent pid of target PID to explorer.exe)
* Anti-Anti debug features

Runs very stably under Windows XP through Windows 7 (x86 only). Please be aware some anti-virus products detect the HideToolz driver as a rootkit - this is basically correct, except HideToolz contains no payload, does not access any network API, etc. If you doubt it, disasm the driver yourself.
| Tool name: | IDA Stealth |
|---|---|
| Author: | Jan Newger |
| Website: | http://newgre.net/idastealth |
| Current version: | 1.0 |
| Last updated: | March 25, 2009 |
| Direct D/L link: | http://newgre.net/system/files/IDAStealth.rar |
| License type: | Free / Open Source |
| Also listed in: | IDA Extensions |

Description:

IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a DLL which is injected into the debuggee as soon as the debugger attaches to the process. The injected DLL is actually responsible for implementing most of the stealth techniques, either by hooking syscalls or by patching some flags in the remote process.
| Tool name: | IceStealth |
|---|---|
| Author: | Daniel Steinhäußer |
| Website: | http://www.woodmann.com/forum/showthread.php?t=12131 |
| Current version: | 1.69 |
| Last updated: | August 28, 2009 |
| Direct D/L link: | Locally archived copy |
| License type: | Free |
| Also listed in: | SoftICE Extensions |

Description:

IceStealth is a SoftICE hiding tool that should protect from:

* CreateFileA, CreateFileW, NtCreateFile (also nmtrans.dll won't find SoftICE with these methods)
* NtQueryDirectoryObject
* NtQueryObject
* OpenServiceA, OpenServiceW, EnumServicesStatusA, EnumServicesStatusW, EnumServicesStatusExA, EnumServicesStatusExW
* UnhandledExceptionFilter (2 options)
* SEH BPM Protection
* BPM Protection
* NtQuerySystemInformation
* int 41 killed + DPL 0
* int 1 DPL 0
* Basic Registry Protection (if ever needed) (RegOpenKeyExA, RegOpenKeyExW, RegOpenKeyA, RegOpenKeyW)
* SaveDisk Protection
| Tool name: | RE-Pair |
|---|---|
| Author: | Crudd |
| Website: | http://www.reteam.org/tools.html |
| Current version: | 0.6 |
| Last updated: | July 1, 2005 |
| Direct D/L link: | Locally archived copy |
| License type: | Free |
| Also listed in: | (Not listed in any other category) |

Description:

RE-Pair is a tool that will make some of our (reverse engineers') tools a bit more difficult to detect. Why the name RE-Pair? Simple: it helps fix our tools by making them somewhat more difficult to detect.

Currently fixes: any tool, either in memory (for packed apps and one-time changes) or on disk (for permanent patches of non-packed apps). It does this by changing the caption/classname to a random string (defeating the FindWindow method). It also patches OllyDbg to fix the 'OutputDebugString' vulnerability (used by Armadillo and others).

NOTE: Using the Fix Other option may take a while to fix on disk.
| Tool name: | xFile |
|---|---|
| Author: | anorganix/ARTeam |
| Website: | http://arteam.accessroot.com/releases.html |
| Current version: | 1.4.0.36 |
| Last updated: | September 17, 2008 |
| Direct D/L link: | http://arteam.accessroot.com/releases.html?fid=42 |
| License type: | Free |
| Also listed in: | (Not listed in any other category) |

Description:

xFile 1.4.0.36 by anorganix

The File Update Module increases the size of a file to the specified value. Just enter the "Desired Size" in bytes and you're all set. Works with all file types, including compressed/packed files, but files with an integrity check are not supported. Also, a backup option has been implemented.

The Hide Caption Tool is ideal for hiding the caption of any application. Just build a list with the full/partial captions you want to hide and hit Enable. Changes apply in real time and checks are made often to hide all instances of the application.

The Junk Cleanup Module is useful for deleting Olly's UDD and BAK files. Also, there is an option to back up files before deletion (ZIP).

NEW! The Resource Fix Module (based on DreamTheatre's engine) comes in handy after unpacking. Just rebuild the resources so that you can edit them without crashing the program. You can also dump the resources to file.

Additional features:

* Drag and Drop support
* file CRC Calculator
* auto-refresh of UDD folder
* auto-save settings
* Hide Caption works faster (Partial Captions are now supported)
* fixed minor UI bugs

NB: this tool is compressed and some AV products detect it as malware. Do not worry, we guarantee that it is not a virus at all! If you have doubts anyway, use the ARTeam ESFV checker to ensure that all the files are unmodified, or download a fresh copy from http://arteam.accessroot.com