File and process Hiding is not working with windows server

Question

File and process Hiding is not working with windows server

Opened this issue 3 years ago · 4 comments

ymg2006 commented 3 years ago

Hello, thank you for this project. I have been testing V1.0 and V1.1 with a windows server from 1809 B17763.1 to the latest update of windows server 2022.

File-System monitor tests result:

Test 1: create single file, hide it, unhide it
Error, hidden file has been found0
failed!

Registry monitor tests result:

Test 1: create single reg key, hide it, unhide it
successful!
Test 2: create single reg value, hide it, unhide it
successful!

Process monitor prot tests result:

Test 1: attach, test, detach protection
successful!
Test 2: create process, protect, check, unprotect
successful!

Process monitor excl tests result:

Test 1: hide file, add excluded process, check file
Error, hidden file has been found
failed!

Process monitor hide tests result:

Test 1: hide, test, unhide protection
successful!
Test 2: create process, hide, check, unhide
Error, process isn't hidden
failed!

Answer 1 · 2022-06-20T12:57:42.000Z

Hi @ymg2006,

Did you take a release binaries (1.1, 1.0) or tried to compile by your own? This is an important question because release 1.1 doesn't have a process hiding feature and there are about 30 commits since the latest release 1,1. Process hiding feature isn't included to any release so if you want it you have to recompile the latest code by your own.

Regards,
JK

Answer 2 · 2022-06-20T13:06:41.000Z

I hope you are fine.
I have cloned and compiled the latest commit and tested them, moreover all the releases, I also tried on windows 10(1809) and 8.1 because I was suspicious of the base of my windows server(1809) so I started to test with the windows server's first release and updated it as of today. Afterward, I tested with windows server 2022 and this was interesting that neither file hiding nor process hiding did not work on the server edition of windows.

Answer 3 · 2022-06-20T13:21:04.000Z

Ok thanks, sounds like a bug. Did you try to hide something manually using hiddencli tool? Or you just checked an issue by hiddentests?

Answer 4 · 2022-06-20T13:34:18.000Z

I use hidden to hide vmware tools and tested with al-khaser which detects all drivers files which I included to hide inside config. I also thought config is not loading properly and added files manually with hiddencli but it did not hide too.