Skip to content

AntiMSHookFunction (make MSHookFunction doesn't work)

Notifications You must be signed in to change notification settings

vocaeq/AntiMSHookFunction

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 

Repository files navigation

AntiMSHookFunction

AntiMSHookFunction is an AntiHook library for MSHookFunction at runtime (make MSHookFunction doesn't work)
include MSHookFunction Check and Anti-MSHookFunction

Usage

void* orig_antiDebug = antiMSHook(antiDebug);  // antiDebug noinline
    
if (orig_antiDebug == NULL) {
    printf("[+++] Not MSHook");
    antiDebug();
} else {
    printf("[+++] AntiMSHook 🚀🚀🚀");
    typedef void AntiDebug(void);
    AntiDebug *_antiDebug = (AntiDebug *)orig_antiDebug;
    _antiDebug();
}

// noinline
void antiDebug() {
    resetSymbol(@"dlopen");   // anti-fishhook
    resetSymbol(@"dlsym");    // anti-fishhook
    
    void* handle = dlopen("/usr/lib/libc.dylib", RTLD_NOW);
    void* ptrace = dlsym(handle, "ptrace");
    
    typedef int Ptrace(int, pid_t, int, int);
    Ptrace *_ptrace = (Ptrace *)ptrace;
    _ptrace(31, 0, 0, 0);
    dlclose(handle);
}

About

AntiMSHookFunction (make MSHookFunction doesn't work)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 100.0%