{"id":15036123,"url":"https://github.com/jkornev/hidden","last_synced_at":"2025-05-15T16:05:52.604Z","repository":{"id":41160270,"uuid":"61320918","full_name":"JKornev/hidden","owner":"JKornev","description":"🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc","archived":false,"fork":false,"pushed_at":"2022-07-13T21:48:44.000Z","size":681,"stargazers_count":1889,"open_issues_count":13,"forks_count":496,"subscribers_count":67,"default_branch":"master","last_synced_at":"2025-04-07T21:13:55.380Z","etag":null,"topics":["driver","kernel","malware-analysis","rce","registry","rootkit","security","windows"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JKornev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-06-16T19:40:32.000Z","updated_at":"2025-04-05T03:46:40.000Z","dependencies_parsed_at":"2022-07-14T08:32:14.129Z","dependency_job_id":null,"html_url":"https://github.com/JKornev/hidden","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JKornev%2Fhidden","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JKornev%2Fhidden/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JKornev%2Fhidden/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JKornev%2Fhidden/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JKornev","download_url":"https://codeload.github.com/JKornev/hidd
en/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247730069,"owners_count":20986404,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["driver","kernel","malware-analysis","rce","registry","rootkit","security","windows"],"created_at":"2024-09-24T20:30:13.350Z","updated_at":"2025-04-07T21:14:00.594Z","avatar_url":"https://github.com/JKornev.png","language":"C","readme":"# Hidden 🇺🇦\n\nHidden was developed as a solution for reverse engineering and research tasks. It is a Windows driver with a usermode interface, used for hiding specific parts of the environment on your Windows machine, such as installed RCE programs (e.g. procmon, wireshark), VM infrastructure (e.g. vmware tools), etc.\n\n## Features\n\n- hide registry keys and values\n- hide files and directories\n- hide processes (*experimental, might not be stable*)\n- protect specific processes\n- exclude specific processes from hiding and protection features\n- usermode interface (lib and cli) for working with a driver\n\nand so on\n\n## System requirements\n\nWindows Vista and above, x86 and x64\n\n## Recommended build environment\n\n- Visual Studio 2019\n- Windows Driver Kit 10\n\n## Building\n\nThe following guide explains how to make a release Win32 build:\n1. Open Hidden.sln using Visual Studio\n2. Build the **Hidden Package** project with configurations Release, Win32\n3. Open the build results folder **\\\u003cProjectDir\\\u003e\\Release**\n\n## Installing\n\n1. 
Disable digital signature enforcement on a test machine (bcdedit /set TESTSIGNING ON) and reboot it\n2. Copy files from **\\\u003cProjectDir\\\u003e\\Release\\Hidden Package** to the test machine\n3. Right-click **Hidden.inf** and choose **Install**\n4. Start the driver (sc start hidden)\n5. Make sure the service is running (sc query hidden)\n\nImportant: Keep in mind that the driver bitness has to match the OS bitness\n\n## Hiding\n\nThe command line tool **hiddencli** is used for managing the driver. You can use it for hiding and unhiding objects, changing the driver state and so on.\n\nTo hide a file, try the command\n```\nhiddencli /hide file c:\\Windows\\System32\\calc.exe\n```\n\nWant to hide a directory? No problem\n```\nhiddencli /hide dir \"c:\\Program Files\\VMWare\"\n```\n\nRegistry key?\n```\nhiddencli /hide regkey \"HKCU\\Software\\VMware, Inc.\"\n```\n\nMaybe a process?\n```\nhiddencli /hide pid 2340\n```\n\nBy a process image name?\n```\nhiddencli /hide image apply:forall c:\\Windows\\Explorer.EXE\n```\n\nTo get full help, just type\n```\nhiddencli /help\n```\n","funding_links":[],"categories":["\u003ca id=\"b478e9a9a324c963da11437d18f04998\"\u003e\u003c/a\u003eTools"],"sub_categories":["\u003ca id=\"c3cda3278305549f4c21df25cbf638a4\"\u003e\u003c/a\u003eKernel\u0026\u0026Drivers"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjkornev%2Fhidden","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjkornev%2Fhidden","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjkornev%2Fhidden/lists"}