Hiding processes using FROST (64bit)
Just thought I'd post this, in case it hadn't been posted before.
Using an gaming anti-cheat application called FROST, it is possible to hide arbitrary processes on a 64bit system, using their signed 64bit driver. I'm not sure if the drivers certificate has been revoked or not, but it worked a few months ago... Here's the original forum post: http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fexelab.ru%2Ff%2Findex.php%3Faction%3Dvthread%26forum%3D1%26topic%3D20263&act=url The drivers can be downloaded from: http://www.sendspace.com/file/cgkw53 Sorry if this has been posted before - delete if it has been. |
all you need is to form proper DeviceIoControl buffer ;)
|
This will not work on Windows 8 x64
|
Could you post again working link or attach it locally. Thanks!
-- Jump |
1 Attachment(s)
Quote:
|---frost_32.sys |---frost_64.sys |---hidden_run.exe - about `---hidden_run_src |
Doesn't work on Windows 7 x64 as well, does it?
|
the sign is old thats why it wont work
|
All times are GMT +8. The time now is 19:45. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX