Tuts 4 You

Driver doesn't want to start


cyrex1337


(Sorry, I may have posted this in the wrong section. I believed this is the TitanHide section -.-)

 

Hey. I wanna use TitanHide driver to hide x64dbg/ollydbg from certain protectors. As Reverse Engineering environment I have set up a virtual machine (VMware Workstation 12.1.1 build-3770994) with Windows 7 Professional x64 (SP1).

Moreover, I compiled TitanHide myself on my host operating system Windows 10 Pro x64 using Win7 Release configuration and x64 platform without errors or warnings. (used WDK 8.1 Update 1)

Since I got an UEFI mainboard I also had to enable Intel VT-x to get the virtual machine to work (idk if this is really important but just listing some differences because on my older computer it worked just fine)

For the VM I have set up 4 GB of DDR4 memory and one core of the CPU can be used.

After that I booted into the Win7 VM and used KPP Destroyer P4 (Final, Patch 4) to patch the kernel patch protection (actually copying kernel and bootloader and then modifying them, providing a new bootloader to boot using the patched files)

Now I spawned an administrator command prompt and enabled testsigning. (double-checked with bcdedit if the current boot's testsigning setting is set to "on").

After a restart, I noticed the absence of the "test mode" text printed in the lower corner of your screen normally if testsigning is enabled. I thought it's just that KPP Destroyer patched it away.

Ofc. that made me open a command prompt and check again if testsigning is enabled in the current bootloader's setting. And yes it was.

 

So I went on to the testing stage, and tried four installation methods:

with sc.exe - creating the service - no problem. When starting the service, sc.exe tells me that the handle of the driver is invalid.

ServiceManager.exe - invalid handle

loader.exe - invalid handle

OSRLoader - invalid handle

 

Before someone asks me to do that:

- I have placed the driver into C:\Windows\system32\drivers

- I have full administrator privileges and every program I described here

- I have already tried other PatchGuard/KPP disablers. One of them doesn't even let me boot with the new bootloader o.O, others: same issue.

 

Thanks if someone can help me out here!

Edited by cyrex1337
Link to comment
  • 2 months later...
  • 8 months later...

You can disable the enforcement at the boot prompt by hitting F8 and hitting disable driver sign enforcement. I have this as default for my boot config that has the KPP disabled.

Link to comment
  • 2 weeks later...
  • 3 years later...
sitikomariah

Thanks mr. exodia. I will try and post results, because my driver also did not load properly.

Edit: And then, where do I get the PID values? main64.exe [1020] or TitanHide.sys at service tab? I didn't find it in the TitanHide process.

Thanks, finally I can load the latest vmprotect.

 

 


Edited by sitikomariah
Link to comment
  • 2 years later...

I also had this problem... After downloading the latest TitanHide source code from GitHub and compiling Titanhide.sys (adding my own signature): the driver wouldn't load. But I compile other drivers, such as my own, without this problem (also with my signature).

Environment: VS2019 Enterprise + Win10 x64 + WDK 10 + SDK 10

Link to comment
  • 3 weeks later...
Quote

The driver wouldn't load

Environment: VS2019 Enterprise + Win10 x64 + WDK 10 + SDK 10


Working well here on win10 x64

 

Edited by X0rby
Link to comment

Quote from the author's GitHub :

Quote

I will permanently ban you from the issue tracker. If you don't know how to properly install the tool you don't know enough to use it responsibly and you should use something else like ScyllaHide

 

Link to comment
23 hours ago, jackyjask said:

Does not work

 

Finally, I recompiled sys and added a digital signature to solve this strange problem. Titanhide.sys can be loaded on Win11 x64.

 

 

Edited by boot
Link to comment
CodeExplorer
Quote

and added a digital signature to solve this strange problem

How did you do this? What signature did you use?
 

Link to comment
  • 3 weeks later...
  • 1 month later...
