---[ PhantOm plugin 1.85 Final ]---------------------------------------------
|     by Hellsp@wn & Archer & Olenevod.
|
|   : 
|  Bronco, kioresk, RSI, lord_Phoenix, HoBleen, Grim Fandango,
|  Guru.eXe, vad8787, PE_Kill, Executioner, ProTeuS.
-----------------------------------------------------------------------------

   OllyDbg (  ).
    :

// Driver - extremehide.sys

[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.
[+] GetProcessTimes.
[+] NtSetContextThread.
[+] NtSetDebugFilterState.

// Plugin - PhantOm.dll

[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] GetStartupInfo.
[+] Process Heaps.
[+] GetTickCount.
[+] OutputDebugString
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.
[+] BlockInput.
[+] INT 2d.
[+] Single-step bug.
[+] OutputDebugString.
[+] TraceFlag hide.

  - 1.85
[*]    Zw   Windows XP.

  - 1.84
[*]   drx breakpoints (Safengine).
[*]    Zw  (Safengine)
         "hook some of Zw* functions".
[*]       
       "custom handler exceptions".
[*]     .
[*]   break-on-access  "custom handler exceptions".

  - 1.79
[*]   Windows 8.
[*]    "Set CPU to Value"     
            .
[*]    "entry point outside the code"   "fix OllyDbg bug".
[*]    GetTickCount.
[*]    "change Olly caption".
[*]    Profile.
 
  - 1.73
[*]   .
[*]    Windows 7 x86/x64.
[*]   x64 compatible.
[*]    "custom handler exceptions".
[*]    .
[*]   .
[*]   int 2d.
[*]   "custom handler exceptions"   .
[*]   drx breakpoints.
[*]   TF  , : PUSH SS & POP SS / MOV ?X,SS & MOV SS,?X
[*]   ZwQueryInformationProcess.
[*]   ZwSetInformationThread.
[*]   ZwQuerySystemInformation.
[*]   "hook some of Zw* functions"      Zw .
[*]    CloseHandle   .

  - 1.58
[*]    Windows 2000.
[*]   drx breakpoints.
[*]    .
[*]   "custom breakpoints",     "custom handler exceptions".

  - 1.54
[*]    memory breakpoints.
[*]    "custom handler exceptions".
[*]      .

  - 1.51
[*]     .

  - 1.50
[*]     .

  - 1.49
[*]   FPU ,  2 
[*]   .

  - 1.47
[*]    .
[*]     .

  - 1.45
[*]   FPU .
[*]     .
[*]   ,     RaiseException. 
[*]       .
[*]    NtSetInformationThread  .
[*]    int 2d.
[*]  "single-step" .
[*]    "custom handler exceptions".
[*]   c "protect DRx",      DRx .
[*]   c BlockInput  Windows 2000.

  - 1.30
[*]      CPU,   
     CAPTEXT  PRETEXT, - "PhantOm"  "o_O".
[*]     "custom handler exceptions".
[*]    .

  - 1.26
[*]     .
[*]    "custom handler exceptions" 
     memory breakpoints on access, write    
     break-on-access.
[*]     .

  - 1.25
[*]      
     HIDENAME  RDTSCNAME.
[*]    .
[*]    memory breakpoints.

  - 1.20
[*]     (C0000005).
[*]      .
[*]     (OUTPUT_DEBUG_STRING_EVENT).
[*] int 3  EP  ,    
        .
[*]   BlockInput. ( WinXP)
[*]     (C0000094).
[*]    GetStartupInfo.
[*]     .
[*]     .

  - 1.15
[*]   .

  - 1.10
[*] hook GetProcessTimes -   .
[*] hook NtSetContextThread -   .
[*]     "EP break".
[*]   ,    .
[*]  ini   "DELTARDTSC",    RDTSC.

  - 1.04
[*]     .

  - 1.03
[*]    .

  - 1.01
[*]    .

  - 1.00
[*]    OllyDbg.
[*]  OllyDbg    ImageBase. 

  - 0.60
[*]     (C000001E, 80000001, C000001D).
[*]   int3  EntryPoint.
[*]    GetTickCount.
[*]   -  .

  - 0.58
[*]    Hide from peb   .

  - 0.57
[*]      .
[*]    GetProcessTimes.
[-]   Fake Windows version ( ).
 
  - 0.55
[*]   GetTickCount.
[*]   RDTSC.
[*]      ServicePack.
[*]   . 

  - 0.53
[*]     .
[*]    NtSetInformationThread.
[*]    Fake Windows version.

  - 0.51
[*]    GetTickCount
[*]     PEB'

// :

-       OllyDbg,   
   load driver.

-      ,     -   OllyDbg,
       (Ctrl+F2) .

-      Log (Alt+L),     
         Log   .

-    Windows 2000 SP4, XP SP2, SP3.

-    ,   ,    
     (, ).

-         OllyDbg,
     .

//   : 
 mail: for.hellspawn@gmail.com
------------------------------------------------------------[ 06.04.2013 ]---