Jump to content
Tuts 4 You

TitanHide


mrexodia

Recommended Posts

DarkInjection

titanhide seems to not work in my windows 7 64
 
i used TitanHideTest.exe to test the functionality but it always return 0 in values also themida detect my program
 

ProcessDebugFlags: 0ProcessDebugPort: 0ProcessDebugObjectHandle: 0NtQueryObject: 0CheckSystemDebugger: 0CheckNtClose: 0

i used fyrre's no patchguard v3

Link to comment

@DarkInjection, 0 means not detected. So if you're running TitanHide under a debugger, it works perfectly fine :)

Greetings

Link to comment
  • 4 weeks later...

Hello , I have this antivirus warning .


I just downloaded from Mr.eXodia ' github .


 


What is wrong or antivirus ' mistake ?


post-80762-0-75497900-1405685093_thumb.p

Edited by kgh0701
Link to comment

It's 100% a false-positive (programs installing services are dangerous, because they could install rootkits). If you don't trust the file, you can compile it yourself (the source is available).

Greetings

Link to comment

TitanHide doesnot support multiple hide ?


 


I need to hide debugger for 2 processes.


 


But it seeks like it doesnot work

Link to comment
  • 4 weeks later...
serseri_1453

Hello Mr. eXoDia


 


titanhide PcGuard the support?


 


download links are shared in "Download repository" link I build?


 


all the places to plug-ins x64 dbg down ready for even more would be nice


 


if you do from the beginning, if possible, installation and video settings way to stop talking about it you know?


Link to comment

Hi eXoDia,

 

ok I made a longer video where you can see all steps for clean Olly 1 and SND 2.3 and TitanHide too.All three testet in the video to get VMP in all run.All in all its the best to use TitanHide for this so you just need to add the ISP PEB patch and then all is working without any trouble.I added also some text infos so just watch / read & test and release later a new version + IDP PEB patch.

 

greetz

thank s LCF-AT very much

Link to comment
  • 4 months later...
  • 3 weeks later...

I have Windows 8.1 Enterprise 64-bit (6.3, Build 9600) installed on my workstation machine (Dell Precision M4700 with Intel Core i7-3740QM CPU @ 2.70GHz (8 CPUs) & 32.0 GB of RAM) & I have PATCHED its KERNEL to DISABLE PatchGuard and Signed Driver Enforcement using KPP-Destroyer-P4 tool (take a look HERE about the tool), & HERE is its latest version made by how02, & take a look HERE for how the tool works.

 

I have followed all the steps one by one to install TitanHide.

I have Copied "TitanHide.sys" x64 version to "C:\Windows\system32\drivers"

I have used the ServiceManager to Create a TitanHide service, but when I try to start the TitanHide service, I always end up with this error message :

------------------------------------------------------------------------

PS C:\Windows\system32> net start TitanHide
System error 31 has occurred.A device attached to the system is not functioning.

------------------------------------------------------------------------

What could be the error cause !?

Help me please.

Thank you for your understanding.

Edited by Tomay
Link to comment

i dont think that method will work on latest fully updated win8.1x64. there is pg bypass source code for current win8.1x64 but it's not distro'd as easy to use binary. i'd recomend recompiling driver and sign it w/test sig, enable test sign mode, then use fyyre pg disable method on older win8.1 x64 or switch to win8/7.


Link to comment

i dont think that method will work on latest fully updated win8.1x64. there is pg bypass source code for current win8.1x64 but it's not distro'd as easy to use binary. i'd recomend recompiling driver and sign it w/test sig, enable test sign mode, then use fyyre pg disable method on older win8.1 x64 or switch to win8/7.

Yea.. it's also possible to go in debug mode, this way patchguard should be fully disabled as well. Fyyre doesn't work with newer UEFI systems (without re-signing the winload.exe, which is lot of a hassle). I still gotta test this on Windows 10 lol, but I think it's not gonna work.

Link to comment

i dont think that method will work on latest fully updated win8.1x64. there is pg bypass source code for current win8.1x64 but it's not distro'd as easy to use binary. i'd recomend recompiling driver and sign it w/test sig, enable test sign mode, then use fyyre pg disable method on older win8.1 x64 or switch to win8/7.

 

Indeed, my Windows 8.1 x64 OS is fully updated.

 

Yea.. it's also possible to go in debug mode, this way patchguard should be fully disabled as well. Fyyre doesn't work with newer UEFI systems (without re-signing the winload.exe, which is lot of a hassle). I still gotta test this on Windows 10 lol, but I think it's not gonna work.

 

I will try the debug mode to see if PatchGuard will be fully disabled or not !

If not, I think I will give-up, and go for "Windows XP SP3 x86" on VMware Workstation.

 

EDIT:

I tried the debug mode; with no luck for disabling the PatchGuard :(

Edited by Tomay
Link to comment

Try these commands: 

bcdedit /set testsigning onbcdedit /debug onbcdedit /dbgsettings local
Today I started working on TitanHide again, somehow the NtQueryInformationProcess hook is giving a BSOD all the time, does anyone know why? http://pastebin.com/2570uheJ

Greetings

Edited by Mr. eXoDia
Link to comment

Try these commands: 

bcdedit /set testsigning onbcdedit /debug onbcdedit /dbgsettings local
Today I started working on TitanHide again, somehow the NtQueryInformationProcess hook is giving a BSOD all the time, does anyone know why? http://pastebin.com/2570uheJ

Greetings

 

I try last week to use your driver under XP SP3 and all time it reset my PC.

So i quit and now i have a fear of destroy my PC......

Maybe was a good ideea to use in a VM first :ltongue:

Link to comment

I try last week to use your driver under XP SP3 and all time it reset my PC.

So i quit and now i have a fear of destroy my PC......

Maybe was a good ideea to use in a VM first :ltongue:

yea.. i tried it today on a VM with Win8.1.. do you have the dumps? C:\windows\minidumps

Link to comment

yea.. i tried it today on a VM with Win8.1.. do you have the dumps? C:\windows\minidumps

In c:\WINDOWS\Minidump\ is no file.

My PC was resetted (power off and on again like you press the reset button) not BSOD so i guess is kinda a protection feature of the PC (software or hardware???) that have been triggeder by the driver, not a BSOD exception.

I will try with your latest version and i will report back.

Link to comment

Try these commands: 

bcdedit /set testsigning onbcdedit /debug onbcdedit /dbgsettings local
Today I started working on TitanHide again, somehow the NtQueryInformationProcess hook is giving a BSOD all the time, does anyone know why? http://pastebin.com/2570uheJ

Greetings

 

 

I will try:

bcdedit /set testsigning onbcdedit /debug onbcdedit /dbgsettings local

Thanks ;)

Edited by Tomay
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...