Skip to content

POC Ring3 Windows Rootkit (x86 / x64) - Hide processes and files

License

Notifications You must be signed in to change notification settings

54208039/Basic-Rootkit

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 

Repository files navigation

                       ____             _         ____              __  __   _ __ 
                      / __ )____ ______(_)____   / __ \____  ____  / /_/ /__(_) /_
                     / __  / __ `/ ___/ / ___/  / /_/ / __ \/ __ \/ __/ //_/ / __/
                    / /_/ / /_/ (__  ) / /__   / _, _/ /_/ / /_/ / /_/ ,< / / /_
                   /_____/\__,_/____/_/\___/  /_/ |_|\____/\____/\__/_/|_/_/\__/
                                                                     
                                                                     
                                POC Ring3 Windows Rootkit (x86 / x64)
                                      Hide processes and files

C++ Windows x86 x64

📖 Project Overview :

This is project is a simple Windows ring 3 rootkit. It use my IAT Hook library to perform hooking.

Rootkit functionnalities :

  • Hide processes
  • Hide files

Tested on :

  • Task Manager (Windows 10 - x64)
  • Explorer (Windows 10 - x64)
  • Process Hacker (Windows 10 - x86)

It is working on x86 and x64 applications, you can easily add some new features using the library and using what I already did.

This project is a DLL and can be inject in every application you want to hook, the default prefix identifier is "$pwn".

🚀 Getting Started :

Visual Studio :

  1. Open the solution file (.sln).
  2. Build the project in Debug / Release (x86 / x64)

Other IDE using CMAKE :

You can easily carry this project on CMAKE.

Warning
If you have any linking error when compiling make sure you include "Shlwapi.lib" to the project.

🧪 Demonstration :

Demo.Task.Manager.mp4
Demo.Explorer.mp4

About

POC Ring3 Windows Rootkit (x86 / x64) - Hide processes and files

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 54.9%
  • C 45.1%