
ARTeam: Hooking Services .exe to hide softice by deroko


Shub-nigurrath
August 8th, 2008, 08:08
Hi all,
another excellent release from deroko, for softice users, full sources included once again!

Quote:
To be honest, this tool was developed only because I was bored of writing inline
hooks for targets which use advapi32.dll exports to query if SoftICE is active, but
you may use code to hide different kinds of services, instead of hiding SoftICE.

RPC is used to operate services on Windows. Most of client side code is implemented
in advapi32.dll. Server side code is however implemented in services.exe.

...

NOTE: For the first time you have to be connected to inet, as tool uses symbol server,
or C:\Symbols\ to parse services.pdb, as it is required to find functions from
services.exe which are not exported, but only available in pdb files...


http://arteam.accessroot.com/releases.html

BR,
Shub

JMI
August 8th, 2008, 12:10
And thanks for sharing this one also and for Deroko's work. And, again, if it hasn't been done already, someone needs to make a CRCETL entry for this tool.

Regards,