GithubHelp home page GithubHelp logo

5l1v3r1 / srvhide Goto Github PK

View Code? Open in Web Editor NEW

This project forked from archercreat/srvhide

0.0 1.0 0.0 19 KB

Simple tool to dump/hide services in services.exe process.

License: The Unlicense

C++ 34.20% CMake 65.80%

srvhide's Introduction

SrvHide

Simple tool to dump/hide services in services.exe process. Once hid the service won't show in services.msc. The tool is based on this blogpost.

Results

C:\Users\john-vm\Desktop\srvhide>srvhide.exe -d
[+] Services.exe PID: 664
[+] Check driver loaded: Success
[+] Protect current process: Success
[*] Services.exe - 0x7ff68a3f0000 - 0xb0000
[+] g_ServicesDB location - 0x7ff68a4905b8
[+] g_ServicesDB - 0x2325260ec70
[*] 0x2325260ec70 - 1394ohci
[*] 0x2325260f030 - 3ware
[*] 0x2325260f4b0 - AarSvc
[*] 0x2325260f690 - ACPI
[*] 0x2325260f8d0 - AcpiDev
...
[*] 0x232528fa420 - UserDataSvc_80c26
[*] 0x232528fa9f0 - WpnUserService_80c26
[*] 0x232528f65b0 - MpKslb488759d

C:\Users\john-vm\Desktop\srvhide>srvhide.exe -s 3ware
[+] Services.exe PID: 648
[+] Check driver loaded: Success
[+] Protect current process: Success
[*] Services.exe - 0x7ff7ecb70000 - 0xb0000
[+] g_ServicesDB location - 0x7ff7ecc105b8
[+] g_ServicesDB - 0x1f87a40e830
[+] Match found. Removing..

Disclaimer

This tool is just a proof of concept develped while learning how windows stores service information. The services.exe is a protected process (PPL) and can not be tampered simply from usermode. SrvHide uses BlackBone driver for reading/writing target process memory.

Build

git clone --recurse-submodules https://github.com/archercreat/srvhide.git
cd srvhide
cmake -B build
cmake --build build

Once built, copy BlackBoneDrv10.sys to srvhide.exe directory.

Usage

.\build\Debug\srvhide.exe
Usage: SrvHide: Hide service in services.exe [options]

Optional arguments:
-h --help       shows help message and exits
-v --version    prints version information and exits
-s --service    Service name to hide [default: ""]
-d --dump       Dump services database [default: false]

srvhide's People

Contributors

archercreat avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.