A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #27087  by kerpow1
 Wed Oct 28, 2015 6:39 pm
Hi,

Since 8.1 and 10 I am no longer able to hide a kernel module from PsLoadedModuleList. Previously, on 7, Vista and 8.0, this worked fine without tampering with PG at all, but it seems this has now changed.

I am currently doing:

~removed~

Thanks
Last edited by EP_X0FF on Fri Oct 30, 2015 9:46 am, edited 1 time in total. Reason: code removed by topic starter request
 #27092  by china123
 Wed Oct 28, 2015 10:49 pm
Dear LordTristan,

I don't think this forum exists to aid you in pay-hack development.

LdrList tampering was part of the original PatchGuard lineup in the x64 XP beta, and integrity for this particular structure was carelessly implemented. Thankfully, as of 8.1, it is no longer a trivial task for the average developer.