Hidden has been developed like a solution for reverse engineering and researching tasks. This is a windows driver with a usermode interface which is used for hiding specific environment on your windows machine, like installed RCE programs (ex. procmon, wireshark), vm infrastracture (ex. vmware tools) and etc.
- hide registry keys and values
- hide files and directories
- hide processes (experemental, might be not stable)
- protect specific processes
- exclude specific processes from hiding and protection features
- usermode interface (lib and cli) for working with a driver
and so on
Windows Vista and above, x86 and x64
Recommended build environment
- Visual Studio 2019
- Windows Driver Kit 10
Following guide explains how to make a release win32 build
- Open Hidden.sln using Visual Studio
- Build Hidden Package project with configurations Release, Win32
- Open build results folder <ProjectDir>\Release
- Disable a digital signature enforcement on a test machine (bcdedit /set TESTSIGNING ON) and reboot it
- Copy files from <ProjectDir>\Release\Hidden Package to a test machine
- Right mouse click on Hidden.inf and choose Install
- Start a driver (sc start hidden)
- Make sure service is running (sc query hidden)
Important: Keep in mind that the driver bitness have to be the same to an OS bitness
A command line tool hiddencli is used for managing a driver. You are able to use it for hiding and unhiding objects, changing a driver state and so on.
To hide a file try the command
hiddencli /hide file c:\Windows\System32\calc.exe
Want to hide a directory? No problems
hiddencli /hide dir "c:\Program Files\VMWare"
hiddencli /hide regkey "HKCU\Software\VMware, Inc."
Maybe a process?
hiddencli /hide pid 2340
By a process image name?
hiddencli /hide image apply:forall c:\Windows\Explorer.EXE
To get a full help just type