Jump to content
Tuts 4 You
mrexodia

TitanHide

Recommended Posts

DarkInjection

titanhide seems to not work in my windows 7 64
 
i used TitanHideTest.exe to test the functionality but it always return 0 in values also themida detect my program
 

ProcessDebugFlags: 0ProcessDebugPort: 0ProcessDebugObjectHandle: 0NtQueryObject: 0CheckSystemDebugger: 0CheckNtClose: 0

i used fyrre's no patchguard v3

Share this post


Link to post
Share on other sites
mrexodia

@DarkInjection, 0 means not detected. So if you're running TitanHide under a debugger, it works perfectly fine :)

Greetings

Share this post


Link to post
Share on other sites
DarkInjection

you are right i misunderstood it thnx


  • Like 1

Share this post


Link to post
Share on other sites
kgh0701

Hello , I have this antivirus warning .


I just downloaded from Mr.eXodia ' github .


 


What is wrong or antivirus ' mistake ?


post-80762-0-75497900-1405685093_thumb.p

Edited by kgh0701 (see edit history)

Share this post


Link to post
Share on other sites
mrexodia

It's 100% a false-positive (programs installing services are dangerous, because they could install rootkits). If you don't trust the file, you can compile it yourself (the source is available).

Greetings

Share this post


Link to post
Share on other sites
kgh0701

TitanHide doesnot support multiple hide ?


 


I need to hide debugger for 2 processes.


 


But it seeks like it doesnot work

Share this post


Link to post
Share on other sites
mrexodia

@kgh0701: You can use TitanHideGUI to hide the debugger from any PID you want.

Greetings

Share this post


Link to post
Share on other sites
serseri_1453

Hello Mr. eXoDia


 


titanhide PcGuard the support?


 


download links are shared in "Download repository" link I build?


 


all the places to plug-ins x64 dbg down ready for even more would be nice


 


if you do from the beginning, if possible, installation and video settings way to stop talking about it you know?


Share this post


Link to post
Share on other sites
enjon

Hi eXoDia,

 

ok I made a longer video where you can see all steps for clean Olly 1 and SND 2.3 and TitanHide too.All three testet in the video to get VMP in all run.All in all its the best to use TitanHide for this so you just need to add the ISP PEB patch and then all is working without any trouble.I added also some text infos so just watch / read & test and release later a new version + IDP PEB patch.

 

greetz

thank s LCF-AT very much

Share this post


Link to post
Share on other sites
okaydoit

hi can made one simple videoooo?


Share this post


Link to post
Share on other sites
okaydoit

i found


 


but now show me


 


This driver has been blocked from loading


 


 


when i click start serveirse


Share this post


Link to post
Share on other sites
mrexodia

probably because you didn't read the instructions correctly. it is also recommended to disable your AV completely.

Share this post


Link to post
Share on other sites
okaydoit

i do step by step


 


and i see also lcf video


 


so what is wrong?


 


and you have digital singutare link


Share this post


Link to post
Share on other sites
Tomay

I have Windows 8.1 Enterprise 64-bit (6.3, Build 9600) installed on my workstation machine (Dell Precision M4700 with Intel Core i7-3740QM CPU @ 2.70GHz (8 CPUs) & 32.0 GB of RAM) & I have PATCHED its KERNEL to DISABLE PatchGuard and Signed Driver Enforcement using KPP-Destroyer-P4 tool (take a look HERE about the tool), & HERE is its latest version made by how02, & take a look HERE for how the tool works.

 

I have followed all the steps one by one to install TitanHide.

I have Copied "TitanHide.sys" x64 version to "C:\Windows\system32\drivers"

I have used the ServiceManager to Create a TitanHide service, but when I try to start the TitanHide service, I always end up with this error message :

------------------------------------------------------------------------

PS C:\Windows\system32> net start TitanHide
System error 31 has occurred.A device attached to the system is not functioning.

------------------------------------------------------------------------

What could be the error cause !?

Help me please.

Thank you for your understanding.

Edited by Tomay (see edit history)

Share this post


Link to post
Share on other sites
simple

i dont think that method will work on latest fully updated win8.1x64. there is pg bypass source code for current win8.1x64 but it's not distro'd as easy to use binary. i'd recomend recompiling driver and sign it w/test sig, enable test sign mode, then use fyyre pg disable method on older win8.1 x64 or switch to win8/7.


Share this post


Link to post
Share on other sites
mrexodia

i dont think that method will work on latest fully updated win8.1x64. there is pg bypass source code for current win8.1x64 but it's not distro'd as easy to use binary. i'd recomend recompiling driver and sign it w/test sig, enable test sign mode, then use fyyre pg disable method on older win8.1 x64 or switch to win8/7.

Yea.. it's also possible to go in debug mode, this way patchguard should be fully disabled as well. Fyyre doesn't work with newer UEFI systems (without re-signing the winload.exe, which is lot of a hassle). I still gotta test this on Windows 10 lol, but I think it's not gonna work.

Share this post


Link to post
Share on other sites
Tomay

i dont think that method will work on latest fully updated win8.1x64. there is pg bypass source code for current win8.1x64 but it's not distro'd as easy to use binary. i'd recomend recompiling driver and sign it w/test sig, enable test sign mode, then use fyyre pg disable method on older win8.1 x64 or switch to win8/7.

 

Indeed, my Windows 8.1 x64 OS is fully updated.

 

Yea.. it's also possible to go in debug mode, this way patchguard should be fully disabled as well. Fyyre doesn't work with newer UEFI systems (without re-signing the winload.exe, which is lot of a hassle). I still gotta test this on Windows 10 lol, but I think it's not gonna work.

 

I will try the debug mode to see if PatchGuard will be fully disabled or not !

If not, I think I will give-up, and go for "Windows XP SP3 x86" on VMware Workstation.

 

EDIT:

I tried the debug mode; with no luck for disabling the PatchGuard :(

Edited by Tomay (see edit history)

Share this post


Link to post
Share on other sites
mrexodia

Try these commands: 

bcdedit /set testsigning onbcdedit /debug onbcdedit /dbgsettings local
Today I started working on TitanHide again, somehow the NtQueryInformationProcess hook is giving a BSOD all the time, does anyone know why? http://pastebin.com/2570uheJ

Greetings

Edited by Mr. eXoDia (see edit history)

Share this post


Link to post
Share on other sites
GIV

Try these commands: 

bcdedit /set testsigning onbcdedit /debug onbcdedit /dbgsettings local
Today I started working on TitanHide again, somehow the NtQueryInformationProcess hook is giving a BSOD all the time, does anyone know why? http://pastebin.com/2570uheJ

Greetings

 

I try last week to use your driver under XP SP3 and all time it reset my PC.

So i quit and now i have a fear of destroy my PC......

Maybe was a good ideea to use in a VM first :ltongue:

Share this post


Link to post
Share on other sites
mrexodia

I try last week to use your driver under XP SP3 and all time it reset my PC.

So i quit and now i have a fear of destroy my PC......

Maybe was a good ideea to use in a VM first :ltongue:

yea.. i tried it today on a VM with Win8.1.. do you have the dumps? C:\windows\minidumps

Share this post


Link to post
Share on other sites
GIV

I will look tomorrow because they are at the office PC.

Share this post


Link to post
Share on other sites
GIV

yea.. i tried it today on a VM with Win8.1.. do you have the dumps? C:\windows\minidumps

In c:\WINDOWS\Minidump\ is no file.

My PC was resetted (power off and on again like you press the reset button) not BSOD so i guess is kinda a protection feature of the PC (software or hardware???) that have been triggeder by the driver, not a BSOD exception.

I will try with your latest version and i will report back.

Share this post


Link to post
Share on other sites
Tomay

Try these commands: 

bcdedit /set testsigning onbcdedit /debug onbcdedit /dbgsettings local
Today I started working on TitanHide again, somehow the NtQueryInformationProcess hook is giving a BSOD all the time, does anyone know why? http://pastebin.com/2570uheJ

Greetings

 

 

I will try:

bcdedit /set testsigning onbcdedit /debug onbcdedit /dbgsettings local

Thanks ;)

Edited by Tomay (see edit history)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...