Skip navigation.

Stealthy Profiling and Debugging of Malware

Here is a Windows driver I developed that I presented at Blackhat this year. Enjoy

Hades is a tool for dynamic application analysis on Microsoft Windows-based systems. It has function hooking capabilities similar to those of Microsoft Detours and WinAPIOverride (WAO), and it can also function as a debugger. It was developed to allow analysis of malware binaries that were able to detect Detours and WAO.

Why do not you release a

Why do not you release a compiled binary, installation and usage instructions?


The readme is light but more details are in the .pptx file.

The reason no compiled binary is b/c u have to tailor your hooks and target binary to hook at compile time. Take a look at the .pptx file it explains it pretty good.

Jason Raber

PDF of the slides

Could you generate a PDF of the slides, they don't render well in OpenOffice. Thanks.

It is up


Trying to open it I get an

Trying to open it I get an error message from Foxit Reader saying:

format error: not a PDF or corrupted


OK try it again. Must have got corrupted when moving it to my VM

Now it´s ok, thanks.

Now it´s ok, thanks.