cyrex1337 Posted August 23, 2016 Posted August 23, 2016 (edited) (Sorry, I may have posted this in the wrong section. I believed this is the TitanHide section -.-) Hey. I wanna use TitanHide driver to hide x64dbg/ollydbg from certain protectors. As Reverse Engineering environment I have set up a virtual machine (VMware Workstation 12.1.1 build-3770994) with Windows 7 Professional x64 (SP1). Moreover, I compiled TitanHide myself on my host operating system Windows 10 Pro x64 using Win7 Release configuration and x64 platform without errors or warnings. (used WDK 8.1 Update 1) Since I got an UEFI mainboard I also had to enable Intel VT-x to get the virtual machine to work (idk if this is really important but just listing some differences because on my older computer it worked just fine) For the VM I have set up 4 GB of DDR4 memory and one core of the CPU can be used. After that I booted into the Win7 VM and used KPP Destroyer P4 (Final, Patch 4) to patch the kernel patch protection (actually copying kernel and bootloader and then modifying them, providing a new bootloader to boot using the patched files) Now I spawned an administrator command prompt and enabled testsigning. (double-checked with bcdedit if the current boot's testsigning setting is set to "on"). After a restart, I noticed the absence of the "test mode" text printed in the lower corner of your screen normally if testsigning is enabled. I thought it's just that KPP Destroyer patched it away. Ofc. that made me open a command prompt and checking again if testsigning is enabled in the current bootloader's setting. And yes it was. So I went on to the testing stage, and tried four installation methods: with sc.exe - creating the service - no probem. When starting the service, sc.exe tells me that the handle of the driver is invalid. ServiceManager.exe - invalid handle loader.exe - invalid handle OSRLoader - invalid handle before someone asks me to do that: - I have placed the driver into C:\Windows\system32\drivers - I have full administrator privileges and every program I described here - I have already tried other PatchGuard/KPP disablers. One of them doesn't even let me boot with the new bootloader o.O, others: same issue. Thanks if someone can help me out here! Edited August 23, 2016 by cyrex1337
mrexodia Posted August 23, 2016 Posted August 23, 2016 Someone recently got it working https://mega.nz/#!m5AmlLrZ!EFpzM1uvilbOwYVCYtf4V_HV5mJcitPWpmJ0EdCLszA 2
cyrex1337 Posted August 23, 2016 Author Posted August 23, 2016 45 minutes ago, Mr. eXoDia said: Someone recently got it working https://mega.nz/#!m5AmlLrZ!EFpzM1uvilbOwYVCYtf4V_HV5mJcitPWpmJ0EdCLszA I'm really grateful. Thanks mate!
Mecanik Posted October 31, 2016 Posted October 31, 2016 I really don`t understand how did Windows 7 load unsigned driver o.O
secursig Posted July 14, 2017 Posted July 14, 2017 you can disable the enforcement at boot prompt by hitting F8 and hit disable driver sign enforcement. I have this as default for my boot config that has the KPP disabled.
sitikomariah Posted May 26, 2021 Posted May 26, 2021 (edited) thanks mr. exodia. i will try and post results. because my driver also did not load properly Edit: And then, where i get the PID values? main64.exe [1020] or TitanHide.sys at service tab? I didn't found in TitanHide process. Thanks, finally i can load latest vmprotect. Edited May 26, 2021 by sitikomariah progress
boot Posted June 4, 2023 Posted June 4, 2023 I also had this problem... After downloading the latest TitanHide source code from GitHub and compiling Titanhide.sys (adding my own signature) : The driver wouldn't load. But I compile other drivers, such as my own, without this problem (also with my signature). Environment: VS2019 Enterprise + Win10 x64 + WDK 10 + SDK 10
X0rby Posted June 23, 2023 Posted June 23, 2023 (edited) Quote The driver wouldn't load Environment: VS2019 Enterprise + Win10 x64 + WDK 10 + SDK 10 Working well here on win10 x64 Edited June 24, 2023 by X0rby Add a color
X0rby Posted June 23, 2023 Posted June 23, 2023 Quote from the author's GitHub : Quote I will permanently ban you from the issue tracker. If you don't know how to properly install the tool you don't know enough to use it responsibly and you should use something else like ScyllaHide
boot Posted June 24, 2023 Posted June 24, 2023 (edited) 23 hours ago, jackyjask said: Does not work Finally, I recompiled sys and added a digital signature to solve this strange problem. Titanhide.sys can be loaded on Win11 x64. DR_2023-06-24_160355.mp4 Edited June 24, 2023 by boot Add... 1
CodeExplorer Posted June 24, 2023 Posted June 24, 2023 Quote and added a digital signature to solve this strange problem How you did this? What signature did you used? 1
boot Posted July 9, 2023 Posted July 9, 2023 On 6/24/2023 at 6:02 PM, CodeExplorer said: How you did this? What signature did you used? Try this driver. I recompiled and tested it, and it was able to load form Win7 x64 to Win11 x64. https://pan.huang1111.cn/s/mM1Ls1 1
Noob boy Posted September 7, 2023 Posted September 7, 2023 On 7/10/2023 at 6:24 AM, boot said: Try this driver. I recompiled and tested it, and it was able to load form Win7 x64 to Win11 x64. https://pan.huang1111.cn/s/mM1Ls1 Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz 1.99 GHz windows10 21H2 Enterprise Edition 19044.2604 Still blue screen 1
Progman Posted May 29, 2024 Posted May 29, 2024 On 9/7/2023 at 6:13 AM, Noob boy said: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz 1.99 GHz windows10 21H2 Enterprise Edition 19044.2604 Still blue screen Drivers are unforgiving on any segfault or error you will crash but you didn't give the bluescreen error details. Maybe you have a driver for a wrong 32/64 bit x86/arm system or maybe there is a bug in the driver or maybe some permission issue or maybe a dependency missing or some mixture of these things. Did you try attaching a kernel remote debugger to see the details? 1
boot Posted December 14, 2024 Posted December 14, 2024 On 7/10/2023 at 6:24 AM, boot said: it was able to load... For the latest version of Windows 11, some drivers loading requires WHQL signature. However, there are still ways to load drivers with banned signatures without enabling test mode. 1
tazmir Posted February 22 Posted February 22 titanhide new update coming 3 weeks ago but i am not found titanhide.sys file and am try compile but not working , help me plz (this steps am try but many thing error ) Installation Method 1 Copy TitanHide.sys to %systemroot%\system32\drivers. Run the command sc create TitanHide binPath= %systemroot%\system32\drivers\TitanHide.sys type= kernel to create the TitanHide service. Run the command sc start TitanHide to start the TitanHide service. Run the command sc query TitanHide to check if TitanHide is running. Installation Method 2 Copy TitanHide.sys to %systemroot%\system32\drivers. Start ServiceManager.exe (available on the download page). Delete the old service (when present). Install a new service (specify the full path to TitanHide.sys). Start the service you just created. Use TitanHideGUI.exe to set hide options for a PID.
Progman Posted March 12 Posted March 12 On 2/22/2025 at 4:43 PM, tazmir said: titanhide new update coming 3 weeks ago but i am not found titanhide.sys file and am try compile but not working , help me plz (this steps am try but many thing error ) Installation Method 1 Copy TitanHide.sys to %systemroot%\system32\drivers. Run the command sc create TitanHide binPath= %systemroot%\system32\drivers\TitanHide.sys type= kernel to create the TitanHide service. Run the command sc start TitanHide to start the TitanHide service. Run the command sc query TitanHide to check if TitanHide is running. Installation Method 2 Copy TitanHide.sys to %systemroot%\system32\drivers. Start ServiceManager.exe (available on the download page). Delete the old service (when present). Install a new service (specify the full path to TitanHide.sys). Start the service you just created. Use TitanHideGUI.exe to set hide options for a PID. It sounds like you're having trouble with the TitanHide driver, which is used to hide processes from anti-cheat systems. Here are some steps and troubleshooting tips to help you resolve the issue: ### 1. **Ensure You Have the Correct Files** - Make sure you have the latest version of TitanHide from the official source. The files you need are: - `TitanHide.sys` (the driver file) - `TitanHideGUI.exe` (the graphical interface to configure the driver) - `ServiceManager.exe` (optional, for managing the service) ### 2. **Check for Compilation Errors** - If you're compiling TitanHide from source, ensure you have the correct build environment set up (e.g., Visual Studio with the Windows Driver Kit (WDK)). - Make sure all dependencies are correctly referenced. - If you encounter specific errors during compilation, share the error messages for further assistance. ### 3. **Manual Installation Steps** If you're unable to compile or find the `TitanHide.sys` file, try the following: #### Method 1: Using Command Line 1. **Copy the Driver File**: - Place `TitanHide.sys` in `C:\Windows\System32\drivers\`. 2. **Create the Service**: - Open Command Prompt as Administrator. - Run: ```cmd sc create TitanHide binPath= C:\Windows\System32\drivers\TitanHide.sys type= kernel ``` 3. **Start the Service**: - Run: ```cmd sc start TitanHide ``` 4. **Verify the Service**: - Run: ```cmd sc query TitanHide ``` - Check if the service is running. #### Method 2: Using ServiceManager.exe 1. **Copy the Driver File**: - Place `TitanHide.sys` in `C:\Windows\System32\drivers\`. 2. **Open ServiceManager.exe**: - Run `ServiceManager.exe` as Administrator. 3. **Delete Old Service (if present)**: - Remove any existing TitanHide service. 4. **Install New Service**: - Click "Install Service" and specify the full path to `TitanHide.sys`. 5. **Start the Service**: - Start the newly created service. 6. **Configure with TitanHideGUI**: - Run `TitanHideGUI.exe` and configure the options for the desired Process ID (PID). ### 4. **Common Issues and Fixes** - **Driver Not Loading**: - Ensure you have disabled driver signature enforcement (if required) by booting into "Disable Driver Signature Enforcement" mode. - Check Windows Event Viewer for any driver-related errors. - **Access Denied Errors**: - Make sure you are running all commands and tools as Administrator. - **Missing Files**: - Double-check that all required files (`TitanHide.sys`, `TitanHideGUI.exe`, etc.) are present and in the correct locations. ### 5. **Debugging Tips** - If the driver fails to load, use a tool like **WinDbg** to debug the kernel driver. - Check the Windows Event Viewer for detailed error messages related to the driver. ### 6. **Reach Out to the Community** - If you're still stuck, consider reaching out to the TitanHide community or forums where the developer and other users might be able to help. If you provide specific error messages or details about what’s not working, I can offer more targeted advice. Good luck!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now