cyrex1337 Posted August 23, 2016 (edited)

(Sorry, I may have posted this in the wrong section. I believed this is the TitanHide section -.-)

Hey. I wanna use the TitanHide driver to hide x64dbg/ollydbg from certain protectors.

As Reverse Engineering environment I have set up a virtual machine (VMware Workstation 12.1.1 build-3770994) with Windows 7 Professional x64 (SP1).

Moreover, I compiled TitanHide myself on my host operating system Windows 10 Pro x64 using Win7 Release configuration and x64 platform without errors or warnings. (used WDK 8.1 Update 1)

Since I got a UEFI mainboard I also had to enable Intel VT-x to get the virtual machine to work (idk if this is really important but just listing some differences because on my older computer it worked just fine). For the VM I have set up 4 GB of DDR4 memory and one core of the CPU can be used.

After that I booted into the Win7 VM and used KPP Destroyer P4 (Final, Patch 4) to patch the kernel patch protection (actually copying kernel and bootloader and then modifying them, providing a new bootloader to boot using the patched files).

Now I spawned an administrator command prompt and enabled testsigning (double-checked with bcdedit if the current boot's testsigning setting is set to "on"). After a restart, I noticed the absence of the "test mode" text printed in the lower corner of your screen normally if testsigning is enabled. I thought it's just that KPP Destroyer patched it away. Ofc. that made me open a command prompt and check again if testsigning is enabled in the current bootloader's setting. And yes it was.

So I went on to the testing stage, and tried four installation methods:

- with sc.exe - creating the service - no problem. When starting the service, sc.exe tells me that the handle of the driver is invalid.
- ServiceManager.exe - invalid handle
- loader.exe - invalid handle
- OSRLoader - invalid handle

before someone asks me to do that:

- I have placed the driver into C:\Windows\system32\drivers
- I have full administrator privileges and every program I described here
- I have already tried other PatchGuard/KPP disablers. One of them doesn't even let me boot with the new bootloader o.O, others: same issue.

Thanks if someone can help me out here!

Edited August 23, 2016 by cyrex1337

mrexodia Posted August 23, 2016

Someone recently got it working https://mega.nz/#!m5AmlLrZ!EFpzM1uvilbOwYVCYtf4V_HV5mJcitPWpmJ0EdCLszA

cyrex1337 (Author) Posted August 23, 2016

45 minutes ago, Mr. eXoDia said:
Someone recently got it working https://mega.nz/#!m5AmlLrZ!EFpzM1uvilbOwYVCYtf4V_HV5mJcitPWpmJ0EdCLszA

I'm really grateful. Thanks mate!

Mecanik Posted October 31, 2016

I really don't understand how Windows 7 loaded an unsigned driver o.O

secursig Posted July 14, 2017

You can disable the enforcement at the boot prompt by hitting F8 and then hitting disable driver sign enforcement. I have this as default for my boot config that has the KPP disabled.

sitikomariah Posted May 26, 2021 (edited)

Thanks mr. exodia. I will try and post results, because my driver also did not load properly.

Edit: And then, where do I get the PID values? main64.exe [1020] or TitanHide.sys at the service tab? I didn't find it in the TitanHide process.

Thanks, finally I can load the latest vmprotect.

Edited May 26, 2021 by sitikomariah (progress)

boot Posted June 4, 2023

I also had this problem...

After downloading the latest TitanHide source code from GitHub and compiling Titanhide.sys (adding my own signature): The driver wouldn't load.

But I compile other drivers, such as my own, without this problem (also with my signature).

Environment: VS2019 Enterprise + Win10 x64 + WDK 10 + SDK 10

X0rby Posted June 23, 2023 (edited)

Quote:
The driver wouldn't load
Environment: VS2019 Enterprise + Win10 x64 + WDK 10 + SDK 10

Working well here on win10 x64

Edited June 24, 2023 by X0rby (Add a color)

X0rby Posted June 23, 2023

Quote from the author's GitHub:

Quote:
I will permanently ban you from the issue tracker. If you don't know how to properly install the tool you don't know enough to use it responsibly and you should use something else like ScyllaHide

boot Posted June 24, 2023 (edited)

23 hours ago, jackyjask said:
Does not work

Finally, I recompiled sys and added a digital signature to solve this strange problem. Titanhide.sys can be loaded on Win11 x64.

DR_2023-06-24_160355.mp4

Edited June 24, 2023 by boot (Add...)

CodeExplorer Posted June 24, 2023

Quote:
and added a digital signature to solve this strange problem

How did you do this? What signature did you use?

boot Posted July 9, 2023

On 6/24/2023 at 6:02 PM, CodeExplorer said:
How did you do this? What signature did you use?

Try this driver. I recompiled and tested it, and it was able to load from Win7 x64 to Win11 x64. https://pan.huang1111.cn/s/mM1Ls1

Noob boy Posted September 7, 2023

On 7/10/2023 at 6:24 AM, boot said:
Try this driver. I recompiled and tested it, and it was able to load from Win7 x64 to Win11 x64. https://pan.huang1111.cn/s/mM1Ls1

Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz 1.99 GHz
Windows 10 21H2 Enterprise Edition 19044.2604

Still blue screen

Progman Posted May 29

On 9/7/2023 at 6:13 AM, Noob boy said:
Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz 1.99 GHz
Windows 10 21H2 Enterprise Edition 19044.2604
Still blue screen

Drivers are unforgiving: on any segfault or error you will crash, but you didn't give the bluescreen error details. Maybe you have a driver for a wrong 32/64 bit x86/arm system, or maybe there is a bug in the driver, or maybe some permission issue, or maybe a dependency is missing, or some mixture of these things. Did you try attaching a kernel remote debugger to see the details?

boot Posted Saturday at 01:20 PM

On 7/10/2023 at 6:24 AM, boot said:
it was able to load...

For the latest version of Windows 11, loading some drivers requires a WHQL signature. However, there are still ways to load drivers with banned signatures without enabling test mode.