# Hidden 🇺🇦
Hidden was developed as a tool for reverse engineering and research tasks. It is a Windows driver with a user-mode interface that hides specific parts of the environment on your Windows machine, such as installed RCE programs (e.g. procmon, Wireshark), VM infrastructure (e.g. VMware Tools), etc.
## Features
- hide registry keys and values
- hide files and directories
- hide processes (*experimental, might not be stable*)
- protect specific processes
- exclude specific processes from hiding and protection features
- usermode interface (lib and cli) for working with a driver
and so on
## System requirements
Windows Vista and above, x86 and x64
## Recommended build environment
- Visual Studio 2019
- Windows Driver Kit 10
## Building
The following guide explains how to make a Release Win32 build:
1. Open Hidden.sln using Visual Studio
2. Build the **Hidden Package** project with the Release, Win32 configuration
3. Open build results folder **\<ProjectDir\>\Release**
## Installing
1. Disable digital signature enforcement on a test machine (`bcdedit /set TESTSIGNING ON`) and reboot it
2. Copy the files from **\<ProjectDir\>\Release\Hidden Package** to the test machine
3. Right-click **Hidden.inf** and choose **Install**
4. Start the driver (`sc start hidden`)
5. Make sure the service is running (`sc query hidden`)

Important: keep in mind that the driver bitness has to match the OS bitness
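
The bitness requirement above can be checked before installing by reading the Machine field in the driver's PE header. This is an added example, not part of the Hidden project: the helper names and the driver path passed on the command line are assumptions, and `fake_pe` builds a constructed sample header.

```python
import struct

# PE "Machine" values from the COFF file header
MACHINES = {0x014C: "x86", 0x8664: "x64"}
# Values platform.machine() reports on Windows, mapped to the same names
OS_ARCH = {"x86": "x86", "AMD64": "x64"}


def pe_machine(data: bytes) -> str:
    """Return 'x86' or 'x64' for a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing or file truncated")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    if machine not in MACHINES:
        raise ValueError(f"unsupported machine type 0x{machine:04x}")
    return MACHINES[machine]


def bitness_matches(driver: bytes, os_machine: str) -> bool:
    """True when the driver image targets the same architecture as the OS."""
    if os_machine not in OS_ARCH:
        raise ValueError(f"unsupported OS architecture {os_machine!r}")
    return pe_machine(driver) == OS_ARCH[os_machine]


def fake_pe(machine: int) -> bytes:
    """Constructed sample: the smallest header pe_machine() can parse."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine)


if __name__ == "__main__":
    import platform
    import sys
    # Usage: pass the path of the built driver binary (hypothetical argument)
    with open(sys.argv[1], "rb") as fh:
        image = fh.read()
    ok = bitness_matches(image, platform.machine())
    print("match" if ok else "MISMATCH: build the other configuration")
```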
## Hiding
The command-line tool **hiddencli** is used to manage the driver. You can use it to hide and unhide objects, change the driver state and so on.
To hide a file, try the command
```
hiddencli /hide file c:\Windows\System32\calc.exe
```
Want to hide a directory? No problem
```
hiddencli /hide dir "c:\Program Files\VMWare"
```
Registry key?
```
hiddencli /hide regkey "HKCU\Software\VMware, Inc."
```
Maybe a process?
```
hiddencli /hide pid 2340
```
By a process image name?
```
hiddencli /hide image apply:forall c:\Windows\Explorer.EXE
```
To get the full help, just type
```
hiddencli /help
```
Driver source code: process protection, anti-debugging, registry protection, folder protection
131 files in total
h: 77
c: 25
cpp: 11
Uploaded 2022-07-02 21:06:49, 497KB ZIP
Driver-level process protection, anti-debugging, registry protection and folder protection, implemented in pure C at the driver layer
Driver source code: process protection, anti-debugging, registry protection, folder protection (131 files)
Decoder.c 174KB
PsMonitor.c 35KB
FormatterBase.c 28KB
FsFilter.c 26KB
Formatter.c 24KB
RegFilter.c 21KB
FormatterIntel.c 17KB
FormatterATT.c 15KB
ExcludeList.c 15KB
Device.c 14KB
Utils.c 13KB
String2.c 13KB
Register.c 11KB
KernelAnalyzer.c 9KB
SharedData.c 8KB
DecoderData.c 8KB
Configs.c 7KB
PsRules.c 7KB
Helper.c 6KB
FormatterBuffer.c 6KB
PsTable.c 6KB
Driver.c 4KB
MetaInfo.c 3KB
Zydis.c 2KB
Mnemonic.c 2KB
vmware.conf 2KB
HiddenTests.cpp 28KB
HiddenLib.cpp 23KB
Hide.cpp 9KB
Helper.cpp 9KB
Commands.cpp 8KB
HiddenCLI.cpp 7KB
Protect.cpp 5KB
Ignore.cpp 5KB
Query.cpp 3KB
State.cpp 1KB
Connection.cpp 1KB
Hidden.vcxproj.filters 6KB
HiddenCLI.vcxproj.filters 2KB
Hidden Package.vcxproj.filters 353B
HiddenLib.vcxproj.filters 281B
HiddenTests.vcxproj.filters 214B
.gitignore 703B
InstructionDefinitions.inc.h 4.74MB
EncodableInstructions.inc.h 1.71MB
OperandDefinitions.inc.h 1.34MB
DecoderTables.inc.h 833KB
EnumMnemonic.inc.h 63KB
AccessedFlags.inc.h 53KB
DecoderTypes.h 46KB
EnumMnemonic.h 46KB
Formatter.h 44KB
String.h 41KB
FormatterStrings.inc.h 39KB
SharedData.h 32KB
Vector.h 29KB
List.h 21KB
String.h 17KB
Bitset.h 17KB
SharedTypes.h 16KB
Defines.h 15KB
LibC.h 13KB
FormatterBase.h 13KB
FormatterIntel.h 12KB
Comparison.h 12KB
Format.h 12KB
FormatterBuffer.h 11KB
Utils.h 10KB
DecoderData.h 10KB
EnumRegister.inc.h 10KB
Register.h 10KB
Status.h 9KB
Thread.h 9KB
Decoder.h 8KB
FormatterATT.h 8KB
Types.h 8KB
EnumRegister.h 7KB
Terminal.h 7KB
ArgParse.h 6KB
Status.h 6KB
Zydis.h 6KB
EnumISASet.h 5KB
Allocator.h 5KB
Memory.h 5KB
Synchronization.h 5KB
Helper.h 5KB
HiddenLib.h 4KB
Zycore.h 4KB
DeviceAPI.h 4KB
MetaInfo.h 3KB
InstructionEncodings.inc.h 3KB
ShortString.h 3KB
EnumInstructionCategory.h 3KB
Mnemonic.h 3KB
EnumISASet.inc.h 3KB
Process.h 3KB
Object.h 3KB
Commands.h 3KB
EnumISAExt.h 2KB
Helper.h 2KB