HideToolz is intended for hiding crackers tools from different protection trying define their presence.
1) Hiding processes from all possible ring3 methods of the finding.
2) Hiding windows from enumeration and searching for on the known name.
3) Protection processes from opening on the known pid (as well as from indirect methods of the opening).
4) Parental process emulation (for all visible processes runned from hidden, will be emulated parental process explorer.exe)
5) Protection from rebooting windows (and log all rebooting attempts).
6) Protection from formatting the disk (and log all formatting attempts).
Attention: access of the hidden processes unrestricted, and they can see the real system state.
For impossibility of the finding HideToolz file on disk, is recommended rename file and pack its any packer.
Options to:
(un)Hide process
(un)Protect process
(un)Hide windows
Reboot protection
format protection
Parent process emulation
木什么大作用hook SSDT表..
