DbgChild - Debug Child Process Tool

Post by Dreg » Tue Apr 25, 2017 8:55 pm

DbgChild is a standalone tool for debugging child processes. DbgChild can be used in conjunction with a plugin for a debugger. Currently DbgChild supports a plugin for the x86/x64 x64dbg debugger.

https://github.com/David-Reguera-Garcia-Dreg/DbgChild

Features
  • Hook process creation for x86 or x64 child processes
  • Patching and unpatching of NTDLL process creation for x86 and x64 child processes
  • Process watcher for auto launching of new x64dbg instance when child process detected
  • Modify the suspend (pre) and resume (post) logic to adapt to your own requirements

DbgChild comprises a number of components to accomplish the task of launching a new x64dbg instance when a child process is hooked and detected.

These components are:
  • CreateProcessPatch.exe - Hooks ZwCreateUserProcess (two separate exe files for x86 and x64) and loads DbgChildHookDLL.dll
  • DbgChildHookDLL.dll - (two separate dll files for x86 and x64) - outputs process IDs to CPIDS folder
  • NTDLLEntryPatch.exe - Patches or unpatches LdrInitializeThunk (two separate exe files for x86 and x64)
  • DbgChild.dp32 - x64dbg plugin x86
  • DbgChild.dp64 - x64dbg plugin x64
  • NewProcessWatcher.exe - Watches for new child processes from the CPIDS folder
  • x64_post.unicode.txt - Support file
  • x64_pre.unicode.txt - Support file
  • x86_post.unicode.txt - Support file
  • x86_pre.unicode.txt - Support file

You can use it to automate malware analysis, or make a per-process infection....

You can also replace each component with your own specific component.

WARNING: The code is bullshit and there are some bugs, I know.


Re: DbgChild - Debug Child Process Tool

Post by vs2099 » Sun Oct 15, 2017 3:08 am

Good tool with source code.
I like it.
