---[ PhantOm plugin 1.54  ]--------------------------------------------------
      by Hellsp@wn & Archer & Olenevod.

 // ********************************************************************* //
 //    !                                         //
 // ********************************************************************* //

|   : 
|  Bronco, kioresk, RSI, lord_Phoenix, HoBleen, Grim Fandango,
|  Guru.eXe, vad8787, PE_Kill, Executioner, ProTeuS.
-----------------------------------------------------------------------------

   OllyDbg (  ).
    :

// Driver - extremehide.sys

[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.
[+] GetProcessTimes.
[+] NtSetContextThread.

// Plugin - PhantOm.dll

[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] GetStartupInfo.
[+] Process Heaps.
[+] GetTickCount.
[+] OutputDebugString
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.
[+] BlockInput

  - 1.54
[*]    memory breakpoints.
[*]    "custom handler exceptions".
[*]      .

  - 1.51
[*]     .

  - 1.50
[*]     .

  - 1.49
[*]   FPU ,  2 
[*]   .

  - 1.47
[*]    .
[*]     .

  - 1.45
[*]   FPU .
[*]     .
[*]   ,     RaiseException. 
[*]       .
[*]    NtSetInformationThread  .
[*]    int 2d.
[*]  "single-step" .
[*]    "custom handler exceptions".
[*]   c "protect DRx",      DRx .
[*]   c BlockInput  Windows 2000.

  - 1.30
[*]      CPU,   
      CAPTEXT  PRETEXT, - "PhantOm"  "o_O".
[*]     "custom handler exceptions".
[*]    .

  - 1.26
[*]     .
[*]    "custom handler exceptions" 
     memory breakpoints on access, write    
     break-on-access.
[*]     .

  - 1.25
[*]      
     HIDENAME  RDTSCNAME.
[*]    .
[*]    memory breakpoints.

  - 1.20
[*]     (C0000005).
[*]      .
[*]     (OUTPUT_DEBUG_STRING_EVENT).
[*] int 3  EP  ,    
        .
[*]   BlockInput. ( WinXP)
[*]     (C0000094).
[*]    GetStartupInfo.
[*]     .
[*]     .

  - 1.15
[*]   .

  - 1.10
[*] hook GetProcessTimes -   .
[*] hook NtSetContextThread -   .
[*]     "EP break".
[*]   ,    .
[*]  ini   "DELTARDTSC",    RDTSC.

  - 1.04
[*]     .

  - 1.03
[*]    .

  - 1.01
[*]    .

  - 1.00
[*]    OllyDbg.
[*]  OllyDbg    ImageBase. 

  - 0.60
[*]     (C000001E, 80000001, C000001D).
[*]   int3  EntryPoint.
[*]    GetTickCount.
[*]   -  .

  - 0.58
[*]    Hide from peb   .

  - 0.57
[*]      .
[*]    GetProcessTimes.
[-]   Fake Windows version ( ).
 
  - 0.55
[*]   GetTickCount.
[*]   RDTSC.
[*]      ServicePack.
[*]   . 

  - 0.53
[*]     .
[*]    NtSetInformationThread.
[*]    Fake Windows version.

  - 0.51
[*]    GetTickCount
[*]     PEB'

// :

-       OllyDbg,   
   load driver.

-      ,     -   OllyDbg,
       (Ctrl+F2) .

-      Log (Alt+L),     
         Log   .

-    Windows 2000 SP4, XP SP2.

-    ,   ,    
     (, ).

-         OllyDbg,
     .

// Contact:
 www : hellspawn.nm.ru 
 mail: for.hellspawn@gmail.com
------------------------------------------------------------[ 07.01.2009 ]---