Exetools


typedef 03-15-2013 22:16

Hiding processes using FROST (64bit)
 
Just thought I'd post this, in case it hadn't been posted before.

Using a gaming anti-cheat application called FROST, it is possible to hide arbitrary processes on a 64bit system, using their signed 64bit driver. I'm not sure if the driver's certificate has been revoked or not, but it worked a few months ago...

Here's the original forum post:

http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fexelab.ru%2Ff%2Findex.php%3Faction%3Dvthread%26forum%3D1%26topic%3D20263&act=url

The drivers can be downloaded from:

http://www.sendspace.com/file/cgkw53

Sorry if this has been posted before - delete if it has been.

Av0id 03-18-2013 12:50

All you need is to form a proper DeviceIoControl buffer ;)

securedsolutions 07-18-2013 03:40

This will not work on Windows 8 x64

jump 02-06-2014 06:35

Could you post a working link again or attach it locally? Thanks!

--
Jump

BAHEK 02-16-2014 10:08

1 Attachment(s)
Quote:

Originally Posted by jump (Post 89791)
Could you post a working link again or attach it locally? Thanks!

--
Jump

frost.rar
|---frost_32.sys
|---frost_64.sys
|---hidden_run.exe - about
`---hidden_run_src

The Old Pirate 02-18-2014 07:10

Doesn't work on Windows 7 x64 as well, does it?

DMichael 05-22-2014 23:21

The sign is old, that's why it won't work.


All times are GMT +8.