Check here version 2 https://github.com/lurumdare/ScyllaHideDetector2 with restore bytes.
Allows you to find the use of ScyllaHide, if your program will debug.
- win32u.dll signatures
- support x86
- NtSetInformationThread
- NtSetInformationProcess
- NtQuerySystemInformation
- NtQueryInformationProcess
- NtQueryObject
- NtYieldExecution
- NtCreateThreadEx
- NtSetDebugFilterState
- NtClose
- NtQueryPerformanceCounter
- NtGetContextThread
- GetTickCount
- GetTickCount64
- OutputDebugStringA
- FindWindowA
- BlockInput
- NtUserQueryWindow
- NtSetContextThread
- GetLocalTime
- GetSystemTime
Detection
Kirie Motoba (inject.ws russian re forum)