Tuts 4 You
mrexodia

TitanHide


Tomay

These are the correct commands:

bcdedit /set testsigning on

bcdedit /debug on

bcdedit /dbgsettings local /noumex

Also do this fix if you want to use Print Screen: https://bitbucket.org/mrexodia/titanhide/src/e0f82305a159bcbb00696cdc7b61ae91b77ad002/BreakOnSysRq.reg?at=master

 

OK, I will try this, because the previous commands didn't work for me.

 

EDIT: Didn't work either :(

Edited by Tomay (see edit history)
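
Added example (not part of the original post or of TitanHide): the boot options set by the commands quoted above are recorded in the BCD store, so a defender can audit for them. This sketch parses the text printed by bcdedit /enum {current} and reports whether testsigning or debug is on; the sample output is constructed and English-locale output is assumed.

```python
import subprocess

# Boot options from the commands above that relax kernel code-integrity checks.
RISKY_OPTIONS = ("testsigning", "debug")

# Constructed sample of `bcdedit /enum {current}` output (English locale).
SAMPLE_OUTPUT = r"""
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 8.1
testsigning             Yes
nx                      OptIn
debug                   Yes
"""


def parse_bcd_entry(text):
    """Return {option: value} for each 'name   value' line of a BCD entry."""
    settings = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        # Skip blank lines and the dashed underline below the entry title.
        if len(parts) == 2 and not parts[0].startswith("-"):
            settings[parts[0].lower()] = parts[1].strip()
    return settings


def enabled_risky_options(text):
    """List the risky options whose value is 'Yes' in the given output."""
    settings = parse_bcd_entry(text)
    return [o for o in RISKY_OPTIONS if settings.get(o, "No").lower() == "yes"]


def audit_live_system():
    """Run bcdedit on the local machine (needs an elevated prompt)."""
    out = subprocess.run(["bcdedit", "/enum", "{current}"],
                         capture_output=True, text=True, check=True).stdout
    return enabled_risky_options(out)


if __name__ == "__main__":
    print(enabled_risky_options(SAMPLE_OUTPUT))
```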

CodeEnding

thank you very much  :rule:


mrexodia

OK, I will try this, because the previous commands didn't work for me.

 

EDIT: Didn't work either :(

 

You're right, recently I discovered this doesn't actually work. You should try KPP Destroyer, it works great!

Tomay

You're right, recently I discovered this doesn't actually work. You should try KPP Destroyer, it works great!

 

It may work on previous releases of Windows 8 & 8.1, but I have updated my system (Windows 8.1 Enterprise x64) with the latest updates available.

mrexodia

It may work on previous releases of Windows 8 & 8.1, but I have updated my system (Windows 8.1 Enterprise x64) with the latest updates available.

 

Which means? I don't think Microsoft patched this approach. I installed it about 5 days ago, it was working fine.

krisipio

BSOD on service start on Win 7 Ultimate SP1 x64, used rev 12. I attached the minidumps, they might be of some use to you. I don't use any AV.


Minidump.rar

  • Like 1

GIV

XP SP3 X86 = BSOD


Win 7 SP1 X64 = BSOD


PatchGuard disabled via KPP destroyer.


 


 


Here is the minidump for Win7.


 


031315-26176-01.7z

hahoa

this looks such a badass :) keep up the good work :D

BOSCH

Mr.exodia, because TitanHide.sys doesn't have a digital signature, Windows 8.1 doesn't let me install it.


What can I do to bypass the Windows protection?


mrexodia

BOSCH: You will have to figure that out by yourself I'm afraid. You should look for KPP Destroyer, but you need to do some manual work to disable PatchGuard completely. In the readme there is also more information on disabling driver signature verification (just enable test signing).

 

Using this driver is not safe for your computer. There could be file system corruption bugs etc. This is why I don't provide an easy one-click installer. People need to be proficient enough to disable PatchGuard with some googling/programming before they use this kind of driver.

Obviously you can also use Windows XP x32 if you don't want to worry about PatchGuard or driver signature verification ;)

GIV

In Win XP SP3 on my PC the driver still crashes the PC on load.


mrexodia

In Win XP SP3 on my PC the driver still crashes the PC on load.

 

Yep, I never said it would work on XP :) Just that it wouldn't complain about certificates or PatchGuard.

HackHand

Hi,

 

I am using win7 x64 and have used "disable_pg_ds_v3.rar - - Disable PatchGuard & Driver Signing on X64 Windows 7 + SP1", anyway I get an error message when I want to start the TitanHide.

 

C:\Windows\system32>sc start TitanHide
[SC] StartService FAILED 6:The handle is invalid.

HackHand
 

I asked the above question a couple of weeks ago. I have not gotten any help yet. I searched and tried to fix the issue, but I failed since I don't know why this error occurs.

cra0

I just tried this. I started the service, put in the PID of the x64 debugger in the GUI, hit hide for all, and it still shows up using the test. WTF?

-edit- just ran it with Cheat Engine along with its debugger, still nothing-


Edited by cra0 (see edit history)

mrexodia

First check if you have TitanHide running. There should be a log file in C:\TitanHide.log


  • Like 1

testor930

Some protectors possess memory protection and you'll crash randomly when altering anything that is being executed during the runtime.


In my case I have got a Themida-protected program which will crash after running a manipulated function a few times.

Does TitanHide also fix this kind of protection?


(Ollydbg log: Debugged program set single step flag (bit T in EFL). I don't know how to step command at address 7C90E514(KiFastSystemCallRet) correctly. Try to set breakpoint on next command and run. / Don't know how to continue because memory at address 0x200 is not readable (EIP = 200))


 


Edit:


With the driver on win xp3 the process will still hang and crash at KiFastSystemCallRet after it calls WaitForSingleObject on main thread, so it must be because of one thread that does protection. Where the last call was to setThreadPriority->..->setInformationThread and corrupted stack return 200.

Edited by testor930 (see edit history)

JAYceM6

cool tool


 


on x64, find an expired certificate


GIV

Hi all.

I have tested TitanHide on X64 Win7 Ultimate.

Even if I apply all the patches I find on the web and follow the instructions to disable PatchGuard from the manual or the driver signature check, and even start Win 7 with F8 and select the proper menu option to skip driver checking, I get an invalid signature for the driver from the OS and the driver is not started.

Can someone present me a reliable way to get this driver to work under Win 7 X64?

mrexodia

@GIV you need to be in TESTSIGNING mode on Windows 7 x64. You also need to disable PatchGuard, which requires patching of your kernel. KPP Destroyer does this but it might have been patched by Microsoft :)

Here is a custom version of KPP Destroyer that I did https://mega.nz/#!CspBhLAD!wGH6e_s7GWAz9OZgKWsDXX-2H4JyDfkAh-wmhCaAkqI usage http://forum.cheatengine.org/viewtopic.php?t=573311

I will download a Win7 x64 ISO and see if I can find some time to write a tutorial for you.

GIV

Hi.

I have testsigning set to ON and used the same KPP Destroyer version as you.

I even restarted the OS and selected the proper menu option at startup (F8) to disable driver signature and it does not work.

Who knows... maybe I'm missing something, but I have not succeeded until now in setting up the driver.

I await your info.

 

P.S.

A better new year to all.

mrexodia

@GIV I tried today, but I couldn't get it to work either. Maybe there is a bug with KPP Destroyer. I will check it a little more but my interest is not very high in this project right now.
