Thread: TitanHide
01-26-2014, 22:59
mr.exodia
TitanHide

Code:
Overview:

TitanHide is a driver intended to hide debuggers from certain processes.
The driver hooks various Nt* kernel functions (using inline hooks at the
moment) and modifies the return values of the original functions.
To hide a process, you must pass a simple structure with a ProcessID and
the hiding option(s) to enable to the driver. The internal API is
designed to add hooks with little effort, which means adding features
is really easy.

Features:

- ProcessDebugFlags (NtQueryInformationProcess)
- ProcessDebugPort (NtQueryInformationProcess)
- ProcessDebugObjectHandle (NtQueryInformationProcess)
- DebugObject (NtQueryObject)
- SystemKernelDebuggerInformation (NtQuerySystemInformation)
- NtClose (STATUS_INVALID_HANDLE exception)
- ThreadHideFromDebugger (NtSetInformationThread)

Test environments:

- Windows 7 x64 (SP1)
- Windows XP x86 (SP3)
- Windows XP x64 (SP1)

Installation:

1) Copy TitanHide.sys to %systemroot%\system32\drivers
2) Start 'loader.exe' (available on the download page)
3) Delete the old service (when present)
4) Install a new service
5) Start driver
6) Use 'TitanHideGUI.exe' to set hide options

NOTE: When on x64, you have to disable PatchGuard and driver signature
      enforcement yourself. Google is your friend :)

Repository:
https://bitbucket.org/mrexodia/titanhide/

Downloads:
https://bitbucket.org/mrexodia/titanhide/downloads

Feel free to report bugs and/or request features.

Greetings,

Mr. eXoDia
Attached Files
File Type: rar loader.rar (3.7 KB, 34 views)

Last edited by mr.exodia; 10-28-2015 at 09:13.
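Added example, not part of the original post or the TitanHide source: a user-mode C model of the return-value rewriting the overview describes, for the three NtQueryInformationProcess classes in the feature list, showing what a process's anti-debug query sees with and without an option enabled. The option bit names, the `hidden` table, the `filter_query` function and the choice to key on the caller's PID are assumptions made for illustration; the PIDs are constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>

/* Documented PROCESSINFOCLASS values for the three debug queries. */
enum { ProcessDebugPort = 7, ProcessDebugObjectHandle = 30, ProcessDebugFlags = 31 };

#define STATUS_SUCCESS      0x00000000u
#define STATUS_PORT_NOT_SET 0xC0000353u

/* Hypothetical option bits and entry layout; the driver's real names are not on this page. */
enum { HIDE_DEBUG_FLAGS = 1, HIDE_DEBUG_PORT = 2, HIDE_DEBUG_OBJECT_HANDLE = 4 };
struct hide_entry { uint32_t pid; uint32_t options; };

/* Constructed sample: PID 4242 has all three options set, PID 1000 only one. */
static const struct hide_entry hidden[] = {
    { 4242, HIDE_DEBUG_FLAGS | HIDE_DEBUG_PORT | HIDE_DEBUG_OBJECT_HANDLE },
    { 1000, HIDE_DEBUG_PORT },
};

static uint32_t options_for(uint32_t pid) {
    for (size_t i = 0; i < sizeof hidden / sizeof hidden[0]; i++)
        if (hidden[i].pid == pid) return hidden[i].options;
    return 0; /* not in the table: results pass through untouched */
}

/* Post-processes the result of the original call the way a hook would.
   status and *value are what the original function produced. */
uint32_t filter_query(uint32_t caller_pid, int info_class,
                      uint32_t status, uint64_t *value) {
    uint32_t opt = options_for(caller_pid);
    if (status != STATUS_SUCCESS) return status; /* leave failures alone */
    switch (info_class) {
    case ProcessDebugPort:          /* debugged: -1, not debugged: 0 */
        if (opt & HIDE_DEBUG_PORT) *value = 0;
        break;
    case ProcessDebugFlags:         /* debugged: 0, not debugged: 1 */
        if (opt & HIDE_DEBUG_FLAGS) *value = 1;
        break;
    case ProcessDebugObjectHandle:  /* not debugged: no handle, error status */
        if (opt & HIDE_DEBUG_OBJECT_HANDLE) {
            *value = 0;
            return STATUS_PORT_NOT_SET;
        }
        break;
    }
    return status;
}
```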