Comments on waliedassar: Hiding Threads From Debuggers
Feed last updated 2024-02-05T00:25:13-08:00 (5 comments)

---
walied (https://www.blogger.com/profile/18278414703959705421), 2012-11-26T06:05:41-08:00:

I am not sure if useful but you can also call the function with the 7th (flags) parameter having bit 0x2 set. This prevents your thread from triggering DllMain and TLS callbacks in the target process.

See:
http://forum.tuts4you.com/topic/30513-hiding-threads-from-debuggers/#entry143915

---
walied (https://www.blogger.com/profile/18278414703959705421), 2012-11-24T22:32:16-08:00:

You can also use the "SuppressDebugMsg" trick to enhance code for a stealthier way of injection, esp. combined with the LDR_MODULE unlinking trick.

http://waleedassar.blogspot.com/2012/11/suppressdebugmsg-as-anti-debug-trick.html

---
Duncan Ogilvie (https://www.blogger.com/profile/06123142543593949200), 2012-11-24T10:08:28-08:00:

Sweet! Will certainly save this one to my snippet db :)

---
Z, 2012-11-23T12:39:30-08:00:

Hey Waleed. I took this idea further and have written a small 'covert' DLL Injector POC that utilizes the feature you presented.
Using this method, some detections of DLL injections can be circumvented.

http://codepad.org/nXrTebbc (Idea and inspiration by l3D)

---
Z, 2012-11-23T11:46:27-08:00:

Very interesting look into the internals of ThreadHideFromDebugger.