@Insid3Code
do you know codes for DeviceIoControl function???
Quote:
Greetings
Changelog V0008l:
- re-added NtClose, not working on Windows Server 2012, Windows 8 and Windows 8.1

Greetings, Mr. eXoDia
Quote:
@Mr. eXoDia another hardcoded offset:
Windows 8 SP0 X86 0x154 DebugPort
Windows 8 SP0 X64 0x2F8 DebugPort
Windows 8 SP1 X64 0x410 DebugPort
@Insid3Code: Thanks a lot!
V0009 released:
- changed logging behavior
- added offsets for windows 8 and server 2012 (2012 not tested)

Greetings, Mr. eXoDia
@mr.exodia
If you want a more robust implementation, I would recommend that you let your driver determine the OS specific offset by itself, i.e. let it disassemble the kernel function PsGetProcessDebugPort. You could do that like this:
a) determine function boundaries, i.e. disassemble all instructions from start of the function until ret.
b) go backwards starting at ret until you find the first instruction that writes to eax/rax. The immediate in the source operand expression should be the offset you're looking for.
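The two steps in the post above, as an added example that is not part of the thread and not TitanHide's code: a C function that decodes a stub forward to `ret` and reports the displacement of the last load into eax/rax. The name `find_debugport_offset`, the `is64` flag and both byte arrays are assumptions made for illustration; only a handful of opcodes are decoded, and anything else returns -1 so that an unexpected function layout is rejected instead of yielding a wrong offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample stubs (not dumped from a real kernel), built around the
 * Windows 8 SP1 x64 (0x410) and Windows 8 SP0 x86 (0x154) offsets quoted above. */
static const uint8_t stub_x64[] = { 0x48,0x8B,0x81,0x10,0x04,0x00,0x00, 0xC3 };
static const uint8_t stub_x86[] = { 0x8B,0xFF, 0x55, 0x8B,0xEC, 0x8B,0x45,0x08,
                                    0x8B,0x80,0x54,0x01,0x00,0x00, 0x5D, 0xC2,0x04,0x00 };
/* Hypothetical helper. Decodes forward until ret, remembering the displacement
 * of the most recent "mov eax/rax, [reg+disp]"; that is the instruction a
 * backward walk from ret reaches first. Returns -1 on anything it does not
 * understand, so a caller can refuse to run instead of using a bad offset. */
long find_debugport_offset(const uint8_t *code, size_t len, int is64)
{
    long found = -1;
    size_t i = 0;
    while (i < len) {
        uint8_t op = code[i];
        if (op == 0xC3 || op == 0xC2)            /* ret / ret imm16 */
            return found > 0 ? found : -1;
        if (op == 0x55 || op == 0x5D) { i++; continue; }  /* push/pop (e/r)bp */
        if (is64 && op == 0x48) {                /* REX.W only, no other REX bits */
            if (++i >= len) return -1;
            op = code[i];
        }
        if (op != 0x8B || i + 1 >= len) return -1;  /* only mov r, r/m handled */
        uint8_t modrm = code[i + 1];
        uint8_t mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
        if (mod != 3 && rm == 4) return -1;      /* SIB byte: unsupported */
        if (mod == 0 && rm == 5) return -1;      /* absolute/RIP-relative */
        size_t dlen = (mod == 1) ? 1 : (mod == 2) ? 4 : 0;
        if (i + 2 + dlen > len) return -1;       /* truncated instruction */
        if (reg == 0) {                          /* destination is eax/rax */
            const uint8_t *d = &code[i + 2];
            if (mod == 1)      found = (int8_t)d[0];
            else if (mod == 2) found = (int32_t)((uint32_t)d[0] | (uint32_t)d[1] << 8 |
                                       (uint32_t)d[2] << 16 | (uint32_t)d[3] << 24);
            else               found = -1;       /* no displacement in source */
        }
        i += 2 + dlen;
    }
    return -1;                                   /* no ret inside the buffer */
}

int main(void)
{
    printf("x64: 0x%lx\n", (unsigned long)find_debugport_offset(stub_x64, sizeof stub_x64, 1));
    printf("x86: 0x%lx\n", (unsigned long)find_debugport_offset(stub_x86, sizeof stub_x86, 0));
    return 0;
}
```

A real driver would need a full length disassembler for step a); the fail-closed return is the part worth keeping, since a wrong offset written into kernel structures ends in a bugcheck.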
V0010 Released:
- dynamic retrieval of DebugPortOffset (thanks to mcp!)
- added some alternative code for NtClose (thanks to ahmadmansoor!)
- also updated the TitanHide plugin for x64_dbg

Greetings, Mr. eXoDia
TitanHide plugins:
- OllyDbg v1.10
- OllyDbg v2.01
- TitanEngine (x86 + x64)
- x64_dbg (x32 + x64)

Attached a full archive, latest versions can be downloaded from https://bitbucket.org/mrexodia/titanhide/downloads

Plugins features will not be extended, but I will fix any bugs you find.

Greetings, Mr. eXoDia
V0012 Released:
- fixed weird BSOD with NtQueryInformationProcess
- better installation guide
- various code fixes

Source: https://bitbucket.org/mrexodia/titanhide
Download: https://bitbucket.org/mrexodia/titanhide/downloads

Greetings, Mr. eXoDia
Updated to V0013!
Changelog:
- MIT license
- crappy win10 support
- fixed some exploits kao found
- hopefully now the .sys works on win7 (target = win7 instead of win8.1)

Download: https://bitbucket.org/mrexodia/titanhide/downloads
Quote:
one little question is kaspersky reports. maybe vm or shell detected. so use it in vmware.
TitanHide technically is a rootkit, so kaspersky is doing a good job detecting it :) Using it in a VM is generally a good idea.
Found the solution to this problem while starting service:
"StartService FAILED 6:The handle is invalid."
We need to specify the KMDF version in the project, according to this. For example, in Windows 7, it's 1.9, so under Driver Model Settings, change the following:
- KMDF Version Major = 1
- KMDF Version Minor = 9
And it's done
For x64dbg and TitanHide it is very difficult to update the website to download. Can you provide a cloud backup download? Thank you