Exetools  

  #1  
Old 03-15-2013, 22:16
typedef
Hiding processes using FROST (64bit)

Just thought I'd post this, in case it hadn't been posted before.

Using a gaming anti-cheat application called FROST, it is possible to hide arbitrary processes on a 64bit system, using their signed 64bit driver. I'm not sure if the driver's certificate has been revoked or not, but it worked a few months ago...

Here's the original forum post:

http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fexelab.ru%2Ff%2Findex.php%3Faction%3Dvthread%26forum%3D1%26topic%3D20263&act=url

The drivers can be downloaded from:

http://www.sendspace.com/file/cgkw53

Sorry if this has been posted before - delete if it has been.
  #2  
Old 03-18-2013, 12:50
Av0id
All you need is to form a proper DeviceIoControl buffer.
  #3  
Old 07-18-2013, 03:40
securedsolutions
This will not work on Windows 8 x64
  #4  
Old 02-06-2014, 06:35
jump
Could you post a working link again or attach it locally? Thanks!

--
Jump
  #5  
Old 02-16-2014, 10:08
BAHEK
Quote:
Originally Posted by jump
Could you post a working link again or attach it locally? Thanks!

--
Jump
frost.rar
|---frost_32.sys
|---frost_64.sys
|---hidden_run.exe - about
`---hidden_run_src
  #6  
Old 02-18-2014, 07:10
The Old Pirate
Doesn't work on Windows 7 x64 either, does it?
  #7  
Old 05-22-2014, 23:21
DMichael
The sign is old, that's why it won't work.