From 49570bfa265b4b963d88fc47c2ae30d25b113a42 Mon Sep 17 00:00:00 2001
From: Ana Maria Martinez Gomez
Date: Wed, 18 Oct 2023 11:39:37 +0200
Subject: [PATCH] Add ida.plugin.scyllahide.vm
---
 .../common.vm/tools/vm.common/vm.common.psm1 | 2 +-
 .../ida.plugin.scyllahide.vm.nuspec | 12 ++++++++
 .../tools/chocolateyinstall.ps1 | 30 +++++++++++++++++++
 .../tools/chocolateyuninstall.ps1 | 9 ++++++
 4 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 packages/ida.plugin.scyllahide.vm/ida.plugin.scyllahide.vm.nuspec
 create mode 100644 packages/ida.plugin.scyllahide.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/ida.plugin.scyllahide.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1
index 03ea0a456..fe5dcba43 100755
--- a/packages/common.vm/tools/vm.common/vm.common.psm1
+++ b/packages/common.vm/tools/vm.common/vm.common.psm1
@@ -157,7 +157,7 @@ function VM-Check-Reboot {
 )
 try {
 if (Test-PendingReboot){
- VM-Write-Log "ERROR" "Host must be rebooted before continuing install of $package.`n"
+ VM-Write-Log "ERROR" "Host must be rebooted before continuing installation of $package.`n"
 Invoke-Reboot
 exit 1
 }
diff --git a/packages/ida.plugin.scyllahide.vm/ida.plugin.scyllahide.vm.nuspec b/packages/ida.plugin.scyllahide.vm/ida.plugin.scyllahide.vm.nuspec
new file mode 100644
index 000000000..57d84409f
--- /dev/null
+++ b/packages/ida.plugin.scyllahide.vm/ida.plugin.scyllahide.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ ida.plugin.scyllahide.vm
+ 1.4
+ ScyllaHide is an advanced open-source x64/x86 user mode Anti-Anti-Debug library.
+ NtQuery
+
+
+
+
+
\ No newline at end of file
diff --git a/packages/ida.plugin.scyllahide.vm/tools/chocolateyinstall.ps1 b/packages/ida.plugin.scyllahide.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..a0bd00a80
--- /dev/null
+++ b/packages/ida.plugin.scyllahide.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,30 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ # Download the plugin
+ $toolDir = Join-Path ${Env:chocolateyPackageFolder} "temp_$([guid]::NewGuid())"
+ $toolUrl = "https://github.com/x64dbg/ScyllaHide/releases/download/v1.4/ScyllaHide_2023-03-24_13-03.zip"
+ $toolSha256 = "edeb0dd203fd1ef38e1404e8a1bd001e05c50b6096e49533f546d13ffdcb7404"
+ $packageArgs =
+ @{
+ packageName = ${Env:ChocolateyPackageName}
+ unzipLocation = $toolDir
+ url = $toolUrl
+ checksum = $toolSha256
+ checksumType = 'sha256'
+ }
+ Install-ChocolateyZipPackage @packageArgs
+
+ # Install the plugin
+ $pluginsDir = New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force
+ $pluginPath = Join-Path $toolDir "IDA\HookLibraryx64.dll" -Resolve
+ $configPath = Join-Path $toolDir "IDA\scylla_hide.ini" -Resolve
+ Copy-Item $pluginPath -Destination $pluginsDir
+ Copy-Item $configPath -Destination $pluginsDir
+
+ # Remove the temp installation folder
+ Remove-Item $toolDir -Recurse
+} catch {
+ VM-Write-Log-Exception $_
+}
\ No newline at end of file
diff --git a/packages/ida.plugin.scyllahide.vm/tools/chocolateyuninstall.ps1 b/packages/ida.plugin.scyllahide.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..e29426790
--- /dev/null
+++ b/packages/ida.plugin.scyllahide.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,9 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+# Remove the plugin
+$pluginsDir = "$Env:APPDATA\Hex-Rays\IDA Pro\plugins"
+$pluginPath = Join-Path $pluginsDir "HookLibraryx64.dll" -Resolve
+$configPath = Join-Path $pluginsDir "scylla_hide.ini" -Resolve
+Remove-Item $pluginPath
+Remove-Item $configPath
\ No newline at end of file
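Review bot: In `chocolateyinstall.ps1` the temp folder is removed only on the success path, because `Remove-Item $toolDir -Recurse` is the last statement inside the `try`. With `$ErrorActionPreference = 'Stop'`, a failed `-Resolve` or `Copy-Item` jumps straight to `catch` and leaves the extracted archive, DLLs included, in `temp_<guid>` under the package folder. Moving the cleanup into a `finally` block covers both paths, e.g. `finally { if ($toolDir -and (Test-Path $toolDir)) { Remove-Item $toolDir -Recurse -Force } }`. Separately, `Copy-Item $configPath -Destination $pluginsDir` overwrites an existing `scylla_hide.ini`, so a reinstall or upgrade silently resets any profile the analyst has tuned; a `Test-Path` guard before that copy would preserve it.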
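Review bot: In `chocolateyuninstall.ps1`, `Join-Path ... -Resolve` reports an error when the file is already gone and returns nothing, so the following `Remove-Item $pluginPath` / `Remove-Item $configPath` is called with a null path and raises a second, misleading binding error. Because `$ErrorActionPreference` is `'Continue'` the script keeps going, but the uninstall log fills with errors for what is really a no-op. Dropping `-Resolve` and using `Remove-Item $pluginPath -ErrorAction SilentlyContinue` (and the same for `$configPath`) makes the uninstall idempotent. The file also lacks a short header comment stating that it removes exactly the two files the install script copies, which would help keep the two lists in sync.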