Old 04-05-2012, 14:05
Process hiding with SSDT modification in x64 Win7

I'm looking for a way to hide a process with SSDT in x64 Windows 7. I successfully found the SSDT location and changed the value (4 bytes), which is the RVA for a specific system function. If you want to know the details, let me know. I'll add more information.

However, I failed to point to the hooked function from the changed SSDT because of the different base address, which is added to the RVA value above.

Does anybody know where to go? Thank you in advance.
Old 04-26-2012, 07:44
Fyyre
I would not bother with SSDT in x64 Windows. It is much easier to just remove the process from the linked list and/or handle table.

Best Wishes,



Old 05-01-2012, 07:07
Use detouring or patch some empty space to write a delegator to your own method.
Old 05-03-2012, 18:16
Dear Fyyre, I found your hidecon example. Is it implemented by "just remove process from linked list and/or handle table"?
I still want to know a solution to locate the hooked function to the segment of the SSDT table.
Can anybody help me?