Skip to content

SLAUC91/DLLHiding

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
DLLHiding
DLLHiding
 
 
DLLHiding.sln
DLLHiding.sln
 
 
README.md
README.md
 
 

Repository files navigation

DLLHiding

Hiding x32/x64 Modules using PEB

##Summary A simple command-line application to Hide DLLs in any Windows Process. Works on both x32 and x64 Processes.

It should work on all platforms from Windows XP to Windows 8. Currently only tested on Windows 7.

Every Process maintains internal set of loaded Modules/DLLs in the form of three linked lists within the PE Block.

  • Load Order List
  • Memory Order List
  • Initialization Order List

##Commands To run in console:

  • DLLHiding32.exe "Process Name" "DLL Name"
  • DLLHiding64.exe "Process Name" "DLL Name"

##Limitations Should effectively hide modules from all user mode applications. Application with Kernel Mode Access can enumerate the hidden modules such applications include Process Explorer as the Kernel Object remains unchanged. Additionally user mode applications can enumerate the memory of an application using NtQueryVirtualMemory() and find the modules.

See: https://github.com/SLAUC91/DLLFinder

##Motivation I could not find any source code or support for x64 processes to test some internal software solutions so I developed this application.

About

Hiding x32/x64 Modules/DLLs using PEB

Resources

Readme
Activity

Stars

64 stars

Watchers

7 watching

Forks

26 forks
Report repository

Releases 1

DLLHiding Latest
Jun 6, 2015

Packages

No packages published

Languages