Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 17:47
    mrexodia deleted #2797
  • 16:48
    ZehMatt closed #2797
  • 16:48
    ZehMatt commented #2797
  • 15:45
    lsh7161 edited #2797
  • 15:44
    lsh7161 labeled #2797
  • 15:44
    lsh7161 opened #2797
  • 15:44
    rajkumarananthu commented #2752
  • 15:43
    rajkumarananthu commented #2752
  • 14:28

    mrexodia on development

    Attempt to scale the column wid… (compare)

  • Dec 04 15:30
    mrexodia commented #2752
  • Dec 04 11:52
    mrexodia assigned #2752
  • Dec 04 05:25
    rajkumarananthu commented #2752
  • Dec 03 13:42
    mrexodia commented #2752
  • Dec 03 10:43
    rajkumarananthu commented #2752
  • Dec 03 03:27

    mrexodia on development

    Update FUNDING.yml (compare)

  • Dec 03 03:26

    mrexodia on development

    Update README.md (compare)

  • Dec 03 01:13
    stevemk14ebr closed #2278
  • Dec 02 13:49
    SNOW-Loli commented #2796
  • Dec 02 13:28
    SNOW-Loli commented #2796
  • Dec 02 13:11
    mrexodia commented #2796
x64dbgbot
@x64dbgbot
<mrexodia> I don’t think it’s called
<EvilSapphire> What do you mean?
<EvilSapphire> It definitely registers a menu
<EvilSapphire> With menu entries for about, injection etc
<EvilSapphire> With the entry ids that are checked with a switch case on the callback CB_MENUENTRY registered function
<EvilSapphire> From what you guys say I'm doubtful execution would even reach the default case (re @EvilSapphire: In scyllahide the CB_MENUENTRY function checks for the passed hEntry via a switch case and there's cases for the registered entries, but also a default case where the actual hookdll injection happens)
<EvilSapphire> Registering the menus with the MENU_* entries:
<mrexodia> Yeah that’s what I meant (re @EvilSapphire: From what you guys say I'm doubtful execution would even reach the default case)
<mrexodia> The MENU_XXX will be in the hEntry
<mrexodia> But there’s no default case iirc
<mrfearless> maybe if hEntry is 0?
<mrfearless> but seems unlikely
<EvilSapphire> When will hEntry be zero?
x64dbgbot
@x64dbgbot
<mrfearless> not sure, just throwing out an idea
<mrexodia> If your MENU_xxx == 0 (re @EvilSapphire: When will hEntry be zero?)
<mrfearless> yeh true
<EvilSapphire> Yeah but these 3 are the entries registered by scyllahide:
x64dbgbot
@x64dbgbot
<mrexodia> No, those are the callbacks
<EvilSapphire> And this callback switch case handles each of the registered entries:
<EvilSapphire> Oh sorry
<EvilSapphire> Wrong screenshot
<EvilSapphire> Wait
<mrexodia> Hm
<mrexodia> This is very weird
<EvilSapphire>
<EvilSapphire> These are the registered entries
<mrexodia> Ahhh
<mrexodia> So default
<mrexodia> Is the profile menus
<EvilSapphire> Oh crap
<EvilSapphire> Yes yes
<EvilSapphire> So scyllahide supports profiles too? The hell that means
<EvilSapphire> As if the plugin wasn't complicated enough
<EvilSapphire> Thanks Duncan!
<mrexodia> There are much simpler plugins ^^ (re @EvilSapphire: As if the plugin wasn't complicated enough)
<EvilSapphire> For anti anti debug?
<EvilSapphire> Better than scyllahide?
<mrfearless> so instead of an if/else or a switch/case specifying the menu profile option its just assuming the last option
<mrfearless> or default option
<EvilSapphire> Yeah they just take care of the profiles. No idea what that means though
x64dbgbot
@x64dbgbot
<EvilSapphire> Why the actual injection would happen in these so called profiles is beyond ne
<mrexodia> Different settings for different protections
<mrexodia> It doesn’t just happen there (re @EvilSapphire: Why the actual injection would happen in these so called profiles is beyond ne)
<mrexodia> It also happens in another place
<mrexodia> But if you change the profile the injection happens again
<EvilSapphire> Ohh okay
<EvilSapphire> Yes I also saw it happens inside the debugloop callback function when the process is created
<EvilSapphire> Did you guys develop scyllahide?
<mrexodia> No, I just made some minor fixes
<EvilSapphire> I'm reading through the code and trying to understand exactly how it works right now