HideToolz 2.2 (Vista & Windows 7). February 24, 2009. Posted by reversengineering in OTHER, TOOLS.
HideToolz 2.2 (finally supports Vista and Windows 7)
This is version 2.2 of HideToolz. Version 2.1 did not work on Windows Vista SP1 or higher. I have modified the device driver so HideToolz now works on Vista SP1 through Windows 7. -Fyyre
- – -
HideToolz is a configurable GUI-based utility that hides RCE tools (debuggers and the like) from detection by protectors such as Themida. It does so with a kernel-mode driver that hooks functions such as NtQueryInformationProcess, NtSetContextThread, NtQuerySystemInformation, NtOpenProcess, NtOpenThread, etc., allowing you to debug 'protected' applications easily.
Protection from Windows hooks.
Emulation of the parent process (sets the parent PID of the target PID to that of explorer.exe).
Anti-anti-debug features.
Runs very stably under Windows XP (all service packs). Please be aware that some anti-virus products detect the HideToolz driver as a rootkit. This is basically correct, except that HideToolz contains no payload, does not access any network API, etc.; if in doubt, disassemble the driver yourself.
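To see what the parent-process emulation above is working against, the following added PowerShell script (not part of HideToolz, and not Fyyre's code) performs the same check a protector would: it looks up the parent of a given PID and reports whether that parent is explorer.exe. A target launched from a debugger normally has the debugger as its parent, which is exactly what HideToolz rewrites. The `TargetPid` parameter is an assumption for this example; it defaults to the current shell.

```powershell
# Added example: the parent-process check that "emulation of parent process" defeats.
# Run on any Windows host; no HideToolz components are required.
param([int]$TargetPid = $PID)   # hypothetical parameter, defaults to this PowerShell process

function Get-ParentProcessName {
    param([int]$ProcessId)
    # Win32_Process exposes ParentProcessId, which is what protectors compare
    # against the PID of explorer.exe (or check is not a known debugger).
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $proc) { return $null }
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
    if ($parent) { return $parent.Name } else { return $null }   # parent may already have exited
}

$parentName = Get-ParentProcessName -ProcessId $TargetPid
if ($parentName -and $parentName -ieq 'explorer.exe') {
    "PID $TargetPid looks shell-launched (parent: $parentName)"
} else {
    "PID $TargetPid has parent '$parentName'; a protector would treat a debugger here as suspicious"
}
```

Run it against a process you started from OllyDbg or x64dbg to see the debugger's name come back as the parent; with HideToolz active the same query should report explorer.exe.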
If you are running Vista SP1 or later, you need to apply vista shutdown fix\shutdown_fix_vista_only.reg to the registry and reboot BEFORE running HideToolz. This patch disables paging of kernel-mode code and drivers and fixes the BSOD at shutdown. You may apply it simply by double-clicking the file and clicking "Yes"; this sets
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
DisablePagingExecutive from its default of 0 to 1.
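The same change can be made without the .reg file. The following added PowerShell script (not the shutdown_fix_vista_only.reg shipped with HideToolz) reads the current DisablePagingExecutive value, sets it to 1 if needed, and reminds you that the reboot is still required. It assumes an elevated prompt, since the key lives under HKLM.

```powershell
# Added example: apply the Vista SP1+ shutdown fix from an elevated PowerShell prompt.
# Equivalent to importing the .reg file; the value only takes effect after a reboot.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$name = 'DisablePagingExecutive'

# Read the current value (absent or 0 means the default: kernel code may be paged out)
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
"Current $name = $current (default 0)"

if ($current -ne 1) {
    # REG_DWORD 1 keeps kernel-mode code and drivers resident in physical memory
    Set-ItemProperty -Path $key -Name $name -Value 1 -Type DWord
    $after = (Get-ItemProperty -Path $key -Name $name).$name
    "Set $name = $after. Reboot BEFORE running HideToolz."
} else {
    "$name is already 1; nothing changed. Reboot if it was set during this session."
}
```

If the `Set-ItemProperty` call fails with an access-denied error, the prompt is not elevated; the .reg file import will fail the same way for the same reason.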