Comments (1)
As far as I know, no one who contributes to this repo speaks Chinese, so you'll have a better chance of success asking in English. That said, I ran your question through Google Translate and here are some possible things you may or may not be asking, and my answers to them:
Is it possible to hook the SSDT without using virtualization?
Yes, but PatchGuard will detect it.
Is it possible to hook the SSDT without using virtualization and without PatchGuard detecting it?
Only if you disable PatchGuard. In theory this can be done both 'live' (on a running system) and 'offline' (patching a kernel file and booting from that). While working live PatchGuard bypasses have been published in the past and will probably continue to be made, they tend to be short-lived as Microsoft patches them quickly. This is why the readme recommends an offline method such as UPGDSED.
Are there any plans to use virtualization to bypass PatchGuard detection?
Not that I'm aware of. TH is an anti-anti-debugger that only happens to use rootkit mechanisms to hide its presence from user mode because this is convenient and powerful. However, it is trivially detectable by free tools such as GMER which have a kernel-mode component. True stealth (i.e. being a 'real' rootkit) is not a design goal; only avoiding detection by user-mode anti-debuggers is.
from titanhide.