____             _         ____              __  __   _ __ 
                      / __ )____ ______(_)____   / __ \____  ____  / /_/ /__(_) /_
                     / __  / __ `/ ___/ / ___/  / /_/ / __ \/ __ \/ __/ //_/ / __/
                    / /_/ / /_/ (__  ) / /__   / _, _/ /_/ / /_/ / /_/ ,< / / /_
                   /_____/\__,_/____/_/\___/  /_/ |_|\____/\____/\__/_/|_/_/\__/
                                                                     
                                                                     
                                POC Ring3 Windows Rootkit (x86 / x64)
                                      Hide processes and files

📖 Project Overview :

This is project is a simple Windows ring 3 rootkit. It use my IAT Hook library to perform hooking.

Rootkit functionnalities :

• Hide processes
• Hide files

Tested on :

• Task Manager (Windows 10 - x64)
• Explorer (Windows 10 - x64)
• Process Hacker (Windows 10 - x86)

It is working on x86 and x64 applications, you can easily add some new features using the library and using what I already did.

This project is a DLL and can be inject in every application you want to hook, the default prefix identifier is "$pwn".

🚀 Getting Started :

Visual Studio :

1. Open the solution file (.sln).
2. Build the project in Debug / Release (x86 / x64)

Other IDE using CMAKE :

You can easily carry this project on CMAKE.

Warning
If you have any linking error when compiling make sure you include "Shlwapi.lib" to the project.

🧪 Demonstration :

Demo.Task.Manager.mp4

Demo.Explorer.mp4