Basic Rootkit
POC Ring3 Windows Rootkit (x86 / x64)
Hide processes and files
This project is a simple Windows ring 3 rootkit. It uses my IAT Hook library to perform hooking.
Rootkit functionalities:
- Hide processes
- Hide files
Tested on:
- Task Manager (Windows 10 - x64)
- Explorer (Windows 10 - x64)
- Process Hacker (Windows 10 - x86)
It works on x86 and x64 applications. You can easily add new features using the library and building on what I already did.
This project is a DLL and can be injected into any application you want to hook. The default prefix identifier is "$pwn".
- Open the solution file (.sln).
- Build the project in Debug / Release (x86 / x64)
You can easily port this project to CMake.
Warning
If you get a linking error when compiling, make sure "Shlwapi.lib" is included in the project.
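Because the hooking is done through the IAT from an injected DLL, a defender can detect it by checking which module owns the address stored in each IAT slot. The following is an added example, not code from this project: the module list, the addresses, the `injected.dll` name and the `ImportA` to `ImportD` names are constructed sample data that on a live system would come from the process's loaded-module list and import table.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { const char *name; uint64_t base, size; int is_system; } Module;
typedef struct { const char *dll, *func; uint64_t target; } IatEntry;
typedef enum { IAT_OK, IAT_FORWARDED, IAT_HOOKED } Verdict;

/* Constructed snapshot of one process: loaded modules and four IAT slots. */
static const Module MODS[] = {
    { "KERNEL32.DLL",   0x7FFA10000000ULL, 0xC0000,  1 },
    { "kernelbase.dll", 0x7FFA0E000000ULL, 0x2F0000, 1 },
    { "injected.dll",   0x000180000000ULL, 0x20000,  0 }, /* hypothetical name */
};
static const IatEntry IAT[] = {
    { "kernel32.dll", "ImportA", 0x7FFA10012340ULL }, /* inside the named DLL */
    { "kernel32.dll", "ImportB", 0x7FFA0E045670ULL }, /* forwarded export */
    { "kernel32.dll", "ImportC", 0x000180001000ULL }, /* non-system module */
    { "kernel32.dll", "ImportD", 0x000002A40000ULL }, /* no backing image */
};

/* Windows module names compare case-insensitively. */
static int same_name(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Forwarded exports legitimately land in another system DLL; anything in a
   non-system module or outside every loaded image is treated as a hook. */
Verdict classify(const Module *m, size_t n, const IatEntry *e) {
    for (size_t i = 0; i < n; i++) {
        if (e->target < m[i].base || e->target - m[i].base >= m[i].size) continue;
        if (same_name(m[i].name, e->dll)) return IAT_OK;
        return m[i].is_system ? IAT_FORWARDED : IAT_HOOKED;
    }
    return IAT_HOOKED;
}

/* Number of slots that need investigation. */
size_t count_hooked(const Module *m, size_t n, const IatEntry *iat, size_t k) {
    size_t hits = 0;
    for (size_t i = 0; i < k; i++) hits += classify(m, n, &iat[i]) == IAT_HOOKED;
    return hits;
}

int main(void) {
    printf("%zu suspicious IAT slot(s)\n", count_hooked(MODS, 3, IAT, 4));
    return 0;
}
```

The `is_system` flag stands in for a real trust decision such as a signature and path check on the owning module.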