Rootkit & Anti-Rootkit (Windows 10/11 x64 only)
Download : https://github.com/codetronik/KernelV/releases
Built in Visual Studio 2019 + wdk 10.0.19041.0
Tested on Windows 10 Build 19041 64-bit version.
It still works on Windows 11 Build 22000
- Scan binary patterns in kernel drivers
- Hide the driver
- Breaking the chain of LDR_DATA_TABLE_ENTRY(PsLoadedModuleList)
- Breaking the chain of OBJECT_DIRECTORY_ENTRY
- Detect hidden drivers
- Enumerating Object Name
- Scanning "MmLd"(LDR_DATA_TABLE_ENTRY) in Kernel-memory
Enter one binary pattern per line. Patterns cannot be entered in more than two lines.
The delimiter("\r\n") of the pattern is the Enter key.
If you hide ntoskrnl.exe or myself, the next run may fail.
Hiding a driver can cause BSOD. (19 : Loaded module list modification)
The built driver I provide is signed with the "HT Srl" certificate. It is highly likely to be detected in the anti-virus.
As of January 2024, the certificate has been blocked and cannot be executed.