Comments (5)
The crashes you describe are weird. Is there anything particular about the machine you're testing on? Can you pinpoint what's causing crashes? Might be AV or similar tools that interfere.
To avoid a process being injected, you can do either of the following:
1.) Recommended, if you can modify the executable file: Write the R77_HELPER_SIGNATURE (0x7268) at file offset 64 to your executable. When this executable starts, it will never be injected. TestConsole.exe uses this.
2.) Communicate with the r77 service using the control pipe. There's a chapter in the documentation and code examples in C++ and C#. You're looking for CONTROL_R77_PAUSE_INJECTION and CONTROL_R77_RESUME_INJECTION. Using the control pipe you can instruct the r77 service to pause injection before you do your critical tasks and then resume afterwards.
from r77-rootkit.
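A defender-side check for the marker described in the first reply, as an added example that is not part of this thread or of the r77 project's code: it reads the start of a PE file and reports whether the 0x7268 word sits at file offset 64, which is the mark r77 uses to recognise its own helper executables and skip them. Because r77 never injects a file carrying this mark, finding it on unexpected binaries is an artifact worth triaging. The little-endian byte order, the `has_r77_helper_signature`/`scan_paths` names and the constructed sample header are assumptions, not taken from the page.

```python
"""Scan executables for the r77 helper marker (defender-side check).

From the thread: r77 skips injecting any executable that carries
R77_HELPER_SIGNATURE (0x7268) at file offset 64, and TestConsole.exe
is marked this way. Assumption (not stated on the page): the 16-bit
value is stored little-endian, as an x86 WORD would be.
"""
import struct
from pathlib import Path
from typing import Iterable, List

R77_HELPER_SIGNATURE = 0x7268   # value quoted in the thread
SIGNATURE_OFFSET = 64           # file offset quoted in the thread
DOS_HEADER_SIZE = 64            # sizeof(IMAGE_DOS_HEADER); offset 64 is just past it


def has_r77_helper_signature(data: bytes) -> bool:
    """Return True if `data` starts like a PE file (MZ) and carries the marker."""
    if len(data) < SIGNATURE_OFFSET + 2 or data[:2] != b"MZ":
        return False
    (word,) = struct.unpack_from("<H", data, SIGNATURE_OFFSET)
    return word == R77_HELPER_SIGNATURE


def scan_paths(paths: Iterable[Path]) -> List[Path]:
    """Read only the first 66 bytes of each file and collect the marked ones."""
    flagged: List[Path] = []
    for p in paths:
        try:
            with open(p, "rb") as f:
                head = f.read(SIGNATURE_OFFSET + 2)
        except OSError:
            continue                      # unreadable or missing: skip, not an error
        if has_r77_helper_signature(head):
            flagged.append(p)
    return flagged


def make_sample_header(marked: bool) -> bytes:
    """Constructed test data: a 64-byte DOS header followed by the two bytes
    at offset 64. This is not a real executable, only enough to exercise
    the check."""
    hdr = bytearray(b"MZ" + b"\x00" * (DOS_HEADER_SIZE - 2))
    struct.pack_into("<I", hdr, 60, 0x80)    # e_lfanew placeholder value
    marker = struct.pack("<H", R77_HELPER_SIGNATURE) if marked else b"\x00\x00"
    return bytes(hdr) + marker + b"\x00" * 16


if __name__ == "__main__":
    import sys
    # Usage: python scan_r77_marker.py C:\path\to\*.exe ...
    for path in scan_paths(Path(p) for p in sys.argv[1:]):
        print(f"r77 helper signature present: {path}")
```

The check deliberately reads only the first 66 bytes per file, so it can be run over a whole directory tree cheaply; pair a hit with the usual triage (signer, hash, parent process) rather than treating the marker alone as proof of compromise.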
Thanks for your reply!
I've tried the pause and resume function before, but it cannot keep the process I wanted to hide hidden.
And once the injection is resumed, r77 will also inject into the existing processes, so some unexpected errors may also occur.
In other words, I want to hide only one process and leave other processes running undisturbed (no injection). So the first method you recommend may not be suitable for me, I probably can't make changes to all other executables.
You need to know that for a process to be hidden, the Task Manager needs to be injected - not the process that you want to hide. Likewise, you need to inject File Explorer to hide files. And since there are many different programs that display lists of files or processes, you need to inject all running processes.
To make an exception and not inject specific processes, you can use one of the two methods that I've mentioned. Another method you can use is to extend the PROCESS_EXCLUSIONS constant and recompile r77:
```c
#define PROCESS_EXCLUSIONS { L"MSBuild.exe" }
// Example: { L"MSBuild.exe", L"your_app.exe", L"another_app.exe" }
```
Can you explain a little further what processes start what other processes - and which ones crash upon injection?
Thank you for your patience!
Got it. So the process I want to hide does not need to be injected. Is this understanding correct?
My purpose is to hide my process to bypass the detection of a game's anti-cheat system, so the process of the anti-cheat system must be injected, right?
In fact, there will be an authentication system before entering the game, and I have observed that once this authentication system is injected, it sometimes fails to pass the authentication to enter the game.
And the verification system is not the same process as the anti-cheat system, so what I should do is: add an exception to the verification system process, and inject the anti-cheat system as usual, right?
Then here's a new problem: I'm not sure if this anti-cheat system has an anti-injection mechanism...
Sorry, I forgot to answer the admin mode question you mentioned earlier. I ran TestConsole with AV turned off, but it still crashed without displaying information. I am using Win11 KB5028851. I can run other processes normally in admin mode. I think there should not be anything particular about my machine?
Depending on the game, it could have anti-cheat systems that avoid injection - entirely possible...
Yes, to hide your cheat from the game, you must inject all processes that belong to the game. This includes your game, the authentication service process, etc...
You can inject these processes manually, but there will be a small window of time when that process starts and before it's injected, where it can see your cheat. That's why r77 injects processes before they start running by injecting child processes. So, it's recommended to install r77.
Try to extend the process exclusion list to avoid injection where it causes crashes. What you can also do is to de-implement certain features that you suspect cause trouble. You can do this here by commenting the InstallHook and UninstallHook of a hook that you wish to remove. Maybe that's worth a try, too... Let me know if you identified a specific hook that causes crashes. I would like to know about such issues and publish bugfixes accordingly.