Package vtrace :: Package tools :: Module win32stealth

Module win32stealth

Classes
  StealthBreak
Base class that can be extended by other classes to bypass anti-debugging checks.
  StealthPeb
Disables the "BeingDebugged" and "NtGlobalFlag" flags in the PEB.
  StealthCheckRemoteDebuggerPresent
Forces the "CheckRemoteDebuggerPresent" API to indicate that the process is not being debugged.
  StealthGetTickCount
Returns a static tick count in case the application checks time deltas between instructions.
  StealthOutputDebugString
Forces the OutputDebugString API to return 1.
  StealthZwClose
When called with an invalid handle (-1), the malware will simply return, so an exception is not thrown when a debugger is attached.
  StealthZwSetInformationThread
When ZwSetInformationThread is called with ThreadHideFromDebugger, just return in case threads try to detach from the debugger.
  StealthZwQueryInformationProcess
Forces ZwQueryInformationProcess to return success when passed "ProcessDebugPort".
Functions
  stealthInit(trace)
  getStatus(trace)
  enableAllStealth(trace)
  disableAllStealth(trace)
  stealthify(trace, name)
  unstealthify(trace, name)