mrexodia / TitanHide

Hiding kernel-driver for x86/x64.


Bug on x64 hook

lynnux opened this issue · comments

LONG oldValue = SSDT->pServiceTable[FunctionIndex];

On x64, oldValue can be 0xff*; take Win8 x64 for example:

kd> dd nt!KiServiceTable
fffff800`8b174d00  ffac52c0 034eac02 04a58c40 02a2b100
fffff800`8b174d10  ffffc400 029f8405 02a54606 02ace485
fffff800`8b174d20  02783101 032be100 030b8340 0309cec0
fffff800`8b174d30  027ea100 02bc6600 0299d200 02b00e01
fffff800`8b174d40  02a05d01 023c7700 028993c2 0286c380
fffff800`8b174d50  033ee600 02b6c501 02b61402 02a54c02
fffff800`8b174d60  02fab201 0277a401 0244b145 0302ee80
fffff800`8b174d70  02407843 ff159c00 049d3a00 02bc7fc0

Then the calculation of the address of SSDT functions is wrong.
My fix code is:

-    ULONG oldValue = SSDT->pServiceTable[FunctionIndex];
-    ULONG newValue;
+    LONG oldValue = SSDT->pServiceTable[FunctionIndex];
+    LONG newValue;
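Review bot: switching oldValue from ULONG to LONG is what makes `oldValue >> 4` keep the sign of entries such as 0xffac52c0 from the dump above, since a right shift on an unsigned 32-bit value is always logical and would turn that entry into a large positive offset. Note that the result of `>>` on a negative signed value is implementation-defined in C (MSVC does an arithmetic shift, which is what this relies on); a one-line comment at the declaration saying the entry is a signed, 4-bit-shifted offset from the table base would make that intent explicit for the next reader.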

-        CodeStart = PE::GetPageBase(Undocumented::GetKernelBase(), &CodeSize, (PVOID)((oldValue >> 4) + SSDTbase));
+        CodeStart = PE::GetPageBase(Undocumented::GetKernelBase(), &CodeSize, (PVOID)((LONGLONG)(oldValue >> 4) + SSDTbase));
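Review bot: the `(LONGLONG)` cast is placed correctly, after the shift on the now-signed oldValue, so the 32-bit signed result is sign-extended to 64 bits before it is added to SSDTbase; casting before the shift would work too, but casting the original ULONG form would not. Since the cast is the whole point of the change, consider adding a short comment next to it explaining why (entries with a 0xff top byte are negative offsets), otherwise it looks like a no-op that someone may later "clean up".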

-    hHook->SSDTaddress = (oldValue >> 4) + SSDTbase;
+    hHook->SSDTaddress = (LONGLONG)(oldValue >> 4) + SSDTbase;
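Review bot: this is the same decode expression `(LONGLONG)(oldValue >> 4) + SSDTbase` as in the previous hunk, now duplicated in two places; a small helper that takes the table base and the raw entry and returns the resolved address would keep both call sites consistent and give the sign-extension a single home, so a future change to one does not silently diverge from the other.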

The code just works, for reference only. I have a bit of a headache with the LONG/ULONG stuff. Actually, I use the hook code to hook shadow SSDT functions, and finally found the bug.
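To make the signed-versus-unsigned difference concrete, here is an added, stand-alone C example that is not part of TitanHide or of the patch in this issue. It takes the KiServiceTable address and the first two rows of the `dd nt!KiServiceTable` dump above as sample input and decodes each entry both ways: the original ULONG logic (logical shift, offset always added) and the LONG logic from the fix (arithmetic shift, sign-extended to 64 bits). The helper names `decode_unsigned`, `decode_signed`, `entry_is_negative` and `count_negative_entries` are this example's own, and the arithmetic shift is written as an exact division so the result does not depend on the implementation-defined behaviour of `>>` on negative values. The low 4 bits of an x64 KiServiceTable entry hold the stack-argument count and are not part of the offset, which is why both decoders discard them.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sample input copied from the Win8 x64 dump in the issue (table address and
   the first two rows of entries). */
static const uint64_t KISERVICETABLE_BASE = 0xfffff8008b174d00ULL;
static const uint32_t SAMPLE_ENTRIES[] = {
    0xffac52c0u, 0x034eac02u, 0x04a58c40u, 0x02a2b100u,
    0xffffc400u, 0x029f8405u, 0x02a54606u, 0x02ace485u,
};
static const size_t SAMPLE_COUNT = sizeof(SAMPLE_ENTRIES) / sizeof(SAMPLE_ENTRIES[0]);

/* The original decode: entry treated as ULONG, so the shift is logical and
   0xffac52c0 >> 4 becomes 0x0ffac52c, a large positive offset that is then
   added to the table base instead of being subtracted from it. */
uint64_t decode_unsigned(uint64_t table_base, uint32_t entry) {
    uint32_t offset = entry >> 4;          /* logical shift, sign lost */
    return table_base + offset;
}

/* The fixed decode: the upper 28 bits are a signed offset from the table
   base. Reinterpret the entry as a two's-complement 32-bit value, shift it
   arithmetically by 4 and sign-extend to 64 bits before adding. */
uint64_t decode_signed(uint64_t table_base, uint32_t entry) {
    int32_t signed_entry = (int32_t)entry;  /* two's-complement reinterpretation, like LONG in the fix */
    /* Clear the low nibble first so the division by 16 is exact; this equals
       an arithmetic shift right by 4 without relying on `>>` of a negative. */
    int64_t offset = (int64_t)(signed_entry & ~0xF) / 16;
    /* Modular 64-bit add: a negative offset wraps to the correct lower address. */
    return table_base + (uint64_t)offset;
}

/* 1 when the two decoders disagree for this entry, i.e. when the ULONG path
   resolves the wrong address. */
int entry_is_negative(uint32_t entry) {
    return (int32_t)entry < 0;
}

/* How many entries in a table fragment would be mis-resolved by the ULONG path. */
size_t count_negative_entries(const uint32_t *entries, size_t count) {
    size_t n = 0;
    for (size_t i = 0; i < count; i++) {
        if (entry_is_negative(entries[i])) n++;
    }
    return n;
}

int main(void) {
    printf("%-10s %-18s %-18s %s\n", "entry", "ULONG decode", "LONG decode", "differs");
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        uint32_t e = SAMPLE_ENTRIES[i];
        printf("0x%08" PRIx32 " 0x%016" PRIx64 " 0x%016" PRIx64 " %s\n", e,
               decode_unsigned(KISERVICETABLE_BASE, e),
               decode_signed(KISERVICETABLE_BASE, e),
               entry_is_negative(e) ? "yes" : "no");
    }
    printf("%zu of %zu sample entries are negative offsets\n",
           count_negative_entries(SAMPLE_ENTRIES, SAMPLE_COUNT), SAMPLE_COUNT);
    return 0;
}
```

For the first entry, 0xffac52c0, the signed decode lands 0x53ad4 bytes below the table (0xfffff8008b12122c) while the unsigned decode lands 0x10000000 bytes higher, at 0xfffff8009b12122c; for a positive entry such as 0x034eac02 both agree. That 0x10000000 gap is the difference between sign-extending 0x0ffac52c and not, which is exactly why the two hunks above need the LONG shift followed by the 64-bit sign extension.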

@lynnux Did you get that working on Windows 10 x64?

I'm on build 15063.447 and my log file states:

[TITANHIDE] FileSize of ntdll.dll is 001D7450!
[TITANHIDE] Failed to find pattern...
[TITANHIDE] SSDT not found...
[TITANHIDE] UndocumentedInit() failed...

Attempting to start the service outputs these errors and responds with:

A device attached to the system is not functioning.

I can compile the source if necessary (Though it's unfortunate that VS2017 doesn't support any version of the WDK)

@RaymondLC92 no idea what version you are using, but "Failed to find pattern" is not in the current version anymore. Try the latest version from here.

@lynnux I'll look into this, thanks for your time to check it! Wouldn't it be enough to simply switch from ULONG to LONG?

Okay @lynnux I think the issue is closed now. @RaymondLC92 I tested on Windows 10 x64 ntoskrnl.exe 10.0.14393.0 with UPGDSED and everything works as expected:

TitanHide on Windows 10 x64

@mrexodia Cloned the repo, compiled and installed; I believe you are right and I somehow had an incorrect version (I had thought it was v14 from the archive; I suppose I was wrong).

Everything is perfect now, thanks for this fantastic piece of software!