Thanks @uakbr :) In terms of Learning, I can recommend "The Rootkit Arsenal", it's a good book on rootkits that also provide some hands on examples. There's also a lot of stuff online, however a lot of code posted online is not entirely correct, or it may just be outdated. For example, the NSI_PARAM struct for the TCPView hiding was mostly documented incorrectly, so I had to reverse engineer myself in order to figure out that struct and what each field means.

In this particular issue you posted in, @echotxl suggested a feature to hide GPU usage. However, it's a long process to figure out what particular API calls are responsible and then filter them correctly. So, expect that any new feature will require a lot of work. The only features that were quickly implemented were file & process hiding, because those are already well documented.

from r77-rootkit.

@bytecode77 No issues. But wow you are an insane programmer. It seems google is trying to hide all of the good backdoors/rootkits on the internet, as I only found this one when trying to get PEUnion (Got curious and went to your site)

This is highly beneficial though, as when searched, barely anything comes up about r77 rootkit.

Again. Insane programmer. I wish you luck on your future projects

PS: God it is going to be annoying for me to figure out how to make this work over network lol.

from r77-rootkit.

@KRAFMA you should open another issue instead of posting into an unrelated one. Imagine that several topics are being discussed in one thread.

For a moment I was hoping that somebody figured out how to hide GPU utilization, because honestly, I haven't. But in case anyone has, please feel free to create a pull request or send me a PoC, etc. Because this would be a nice feature to have.

from r77-rootkit.

In Version 1.5.1 GPU usage is hidden

I know that this issue was created 2,5 years ago. I, too, had this task on my ToDo list, but I couldn't figure it out. Something that simple may well require weeks of reverse engineering.

Now I have finally figured out what API's are responsible in providing GPU usage performance counters. Although the creator of this issue may no longer care, this feature is useful and finally implemented.

from r77-rootkit.

Just wanted to let you know, since I haven't yet responded for a long time...

I consider this feature to be useful and I've already analyzed what API's to hook in order to manipulate the GPU statistics. For now, it's on the ToDo list, as I think this feature is a useful addition. However, I'm currently working on the next version of PEunion and at the moment I only fix bugs in r77 until I have more time to work on features again.

from r77-rootkit.

Hi, would you be able to point me in the right direction in terms of learning material to perhaps help out with such a feature? I am fascinated by your work, and I would like to help in this area. Any books, blogs, or academia you could guide me towards would be lovely.

Thanks!

from r77-rootkit.