HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
I followed the steps you posted here: Here's a gif I just made performing it on build 17763:  _Originally posted by @landhb in https://github.com/landhb/HideProcess/issues/10#issuecomment-476463247_ But I receive The...
I know it's a POC, but I thought it would be good to fix this anyway - 1) There is a stack buffer overflow reading the 'pid' from user mode....
Hi, I have a strange problem, when I try to use loader I get the following error: C:\Users\Rahimi\Desktop>Loader.exe "test.exe" ``` Basic DKOM Rootkit to Hide a Process Usage : loader.exe...
Hi, I'm trying to build a DKOM following your guide and using your code. I followed all steps, but when I use the .exe, an error occurred. I used Visual...
Hi @landhb, I compiled the driver and the loader. Copied `Rootkit.sys` to `C:\Windows\System32\drivers\` In the `loader.c` file I got `#define DRIVER "C:\\Windows\\System32\\drivers\\Rootkit.sys"` when I compile. When I try to hide...
I try to use it in a win 7 64 bit installation with Driver Signing check and Patchguard disabled. When I try to hide a process I obtain this output:...
As the title says, I have been testing this and after 2 minutes of hiding your process the system just freezes. Is it because of this Windows build maybe?...
# Hi! ### as the title suggests  ### Results in  Which makes me make this issue; can you update or include the article in file-mode ? (paper ->...
Error loading driver: 系统找不到指定的路径。 Doesn't exist, installing new SCM entry...