Not working for Win 8.1(ver: 6.3.9600)
koemeet opened this issue · 2 comments
Hi,
I am getting the following logs and tested that it isn't hiding properly:
[TITANHIDE] Device \Device\TitanHide created successfully!
[TITANHIDE] Symbolic link \DosDevices\TitanHide->\Device\TitanHide created!
[TITANHIDE] SSDT RVA: 0x35CA80
[TITANHIDE] SSDT not found...
[TITANHIDE] SSDT RVA: 0x35CA80
[TITANHIDE] SSDT not found...
[TITANHIDE] SSDT RVA: 0x35CA80
[TITANHIDE] SSDT not found...
[TITANHIDE] SSDT RVA: 0x35CA80
[TITANHIDE] SSDT not found...
[TITANHIDE] HooksInit() returned 0
[TITANHIDE] HiderProcessData OK!
[TITANHIDE] HiderProcessData OK!
[TITANHIDE] HiderProcessData OK!
[TITANHIDE] HiderProcessData OK!
[TITANHIDE] HiderProcessData OK!
[TITANHIDE] HiderProcessData OK!
I have ran the TitanHideTest and used TitanHideGUI to hide that process. Then I attached a debugger on it and every debugger check returned 1.
Did Windows update 8.1 recently or something?
Currently I am creating a Windows 7 dual boot to see if it works there.
This is weird, because the RVA is actually correct. Or at least it matches the one on my Windows 8.1 VM, so I assume it's the same kernel. It's working for me though. Do you have a kernel debugger? Set a bp on SSDTFind and see where it's returning NULL (the reason for the "SSDT not found" message). Also use kb to see the call stack, because it looks like SSDTFind is working the first time it's called but not the second for some reason.