windows2012 r2 error about r77-rootkit HOT 7 CLOSED

The reason why I don't support Windows 8 is because I want to reduce workload on testing and adjustments, which is huge effort in a rootkit that would decrease the overall time to spend with useful features.

I haven't tested Windows 8 at all, but with the proper changes you should be able to get it running. It requires some effort on your part in understanding the whole process of installation and injection. In particular, you need to figure out at what stage it fails: Startup, r77 service process initialization, process injection - you can check the Test Console to see whether the rootkit is running in all processes.

Or is your problem that a subset of features is not working in a particular program (Explorer, TaskMgr, etc.)? Can you provide more info so I can lead you to the right direction?

from r77-rootkit.

At present, I manually inject r77-x64.dll into explorer. The good news is that some windows2012 r2 systems can be hidden
But some windows 2012 r2 will not be hidden. What are the possible problems?
Thanks and have a nice day

from r77-rootkit.

So, does that mean the same version of Windows, but r77 works only on some of them?

I think you need to narrow the issue down to something that can be fixed:

• Does the TestConsole detect that Explorer is injected?
• Does a certain feature not work (i.e. hiding by prefix works, but by name doesn't, etc...), or does file hiding work, but not process hiding?
• Can you reproduce the same issue on Windows 10? That would definitely require a bugfix from my side.

from r77-rootkit.

After many days of testing, it has been found that the possible cause of the problem is: multiple instances of r77rootkit have been installed.

from r77-rootkit.

a new problem has been discovered:
If I try to hide the C:\233 directory after hiding C:\233\123.exe, it will fail to hide

from r77-rootkit.

After many days of testing, it has been found that the possible cause of the problem is: multiple instances of r77rootkit have been installed.

Executing the installation process several times is supported. Install.exe will terminate the r77 service and restart it. So, this should be no problem. Does everything work by now, or do you have further questions?

a new problem has been discovered:
If I try to hide the C:\233 directory after hiding C:\233\123.exe, it will fail to hide

Could you please create a new issue, since it's hard to keep track of multiple topics in one GitHub issue. Please provide the values that you stored in the configuration system and the list of files that you expect to be hidden and which ones aren't hidden. That would help a lot in narrowing down and fixing bugs.

from r77-rootkit.

Closed due to inactivity. Please feel free to re-open, if you have new info.

from r77-rootkit.