[n82freak]

Hi @ all...

I read a lot at last days & weeks.
I Inform me about titanhide and scyllahide because i want make ida (or other Tools) invisible for xtrap (or other antidebugs) to find something interessting in a online Game.

Install scyllahide was no Problem but with titanhide i have a lot things to do but it result in a BSOD! -.-


What i do:

1. I turn off the UAC and my Antivirus.(I am not shure if patchguard was off too because i found no Tool - all i found was infected by some garbadge viruses)

2. I try to install with 'sc create' - Method ! The Service was registred but win7-64bit DriverSign dont accept to start the Driver.

3. I tried to Sign it with a Tool. That works fine but only for win-Test-Mode.

4. I tried now to start with 'Service-Manager'-Method to start the Driver because it save a little bit time for me...

5. Copy the .dll's in the Plugin-Folders at the DBGer-Folders.

6. Starting the Service and after 5-10minutes i get the BSOD X109.

I retry 3x-4x with same result then i uninstall the Driver, Service and Certs. and make the settings like before. System works fine again.


Now - i dont unterstand why get bluescreen ! What did i wrong?

Is there an alternative Driver with same functions for titanhide??
Is there an easier way to make ida/wndbg undetecteble for xtrap & other ???

(I run on win7-64bit sp1 on acer v3-771 with 8gb RAM, Intel Pentium 2020 dualcore + ht/vt with a patched open bios.)

Hope someone here can explain me what's happend and how make it right.

Greetz...

[EP_X0FF]

Bugcheck 109 is a PatchGuard.

In case if you ask why something BSOD:

1) Full name and build version of your OS.
2) Attach minidump.

everything else is useless.

[n82freak]

Hey thanx a lot for this very fast answer.
I did make Screenshots from the important Features of my System.

Windows Version:

Windows Version
winversion.png (22.37 KiB) Viewed 251 times

Updates:

Updates
updates.png (50.54 KiB) Viewed 251 times

Software:

Software
software.png (449.89 KiB) Viewed 251 times

[n82freak]

And the Minidump:

Dump111417-68640-01.zip

(27.94 KiB) Downloaded 8 times

If you need more Infos->tell me, so i can uploads it...

Thx...

[EP_X0FF]

You can collect all basic info about your system by using systeminfo command in cmd prompt

e.g. systeminfo > report.txt

Do you have more minidumps? Exactly with 109 code.

6. Starting the Service and after 5-10minutes i get the BSOD X109.

[n82freak]

This with cmd to get the systeminfos are cool. Never use on this way...

No. This Minidump is the last... the other dumps are not relevant because they are over 1 year old.
Normaly this should be the right - it is from the day where i have the BSOD.


I tried to open the dump - it automatic open in visual2012 - there get a Message that vs2012 these dump cannot open... if u use a specific Tool for it ?

[n82freak]

For patchguard i found a Tool now - i hope it works! Is not easy found one that not infected by some crap..
So i will run the same Prozedure like past again. If it's not work - proberply i get a new BSOD and a fresh dumpfile!!!

:D

[n82freak]

titanservice.png (40.8 KiB) Viewed 238 times

Betriebssystemname: Microsoft Windows 7 Professional
Betriebssystemversion: 6.1.7601 Service Pack 1 Build 7601
Betriebssystemhersteller: Microsoft Corporation
Betriebssystemkonfiguration: Eigenst�dige Arbeitsstation
Betriebssystem-Buildtyp: Multiprocessor Free
Produkt-ID: 00371-177-0000061-85859
Urspr］gliches Installationsdatum: 02.04.2014, 00:49:08
Systemstartzeit: 25.11.2017, 19:01:10
Systemhersteller: Acer
Systemmodell: Aspire V3-731
Systemtyp: x64-based PC
Prozessor(en): 1 Prozessor(en) installiert.
[01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~2280 MHz
BIOS-Version: Insyde Corp. V2.28, 21.10.2013
Windows-Verzeichnis: C:\Windows
System-Verzeichnis: C:\Windows\system32
Startgerд: \Device\HarddiskVolume1
Systemgebietsschema: de;Deutsch (Deutschland)
Eingabegebietsschema: de;Deutsch (Deutschland)
Zeitzone: (UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien
Gesamter physikalischer Speicher: 8.010 MB
Verf“barer physikalischer Speicher: 5.957 MB
Virt. Arbeitsspeicher: Maximal: 10.057 MB
Virt. Arbeitsspeicher: Verf“bar: 8.053 MB
Virt. Arbeitsspeicher: z.Z.verwendet: 2.004 MB
Auslagerungsdateipfad(e): C:\pagefile.sys
Hotfix(es): 6 Hotfix(e) installiert.
[01]: KB971033
[02]: KB2664825
[03]: KB2685811
[04]: KB2999226
[05]: KB958488
[06]: KB976902
Netzwerkkarte(n): 4 Netzwerkadapter installiert.
[01]: Bluetooth-Gerд (PAN)
Verbindungsname: Bluetooth-Netzwerkverbindung
[02]: Atheros AR5BWB222 Wireless Network Adapter
Verbindungsname: Drahtlosnetzwerkverbindung
[03]: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Verbindungsname: LAN-Verbindung
[04]: Microsoft Virtual WiFi Miniport Adapter
Verbindungsname: Drahtlosnetzwerkverbindung 2



Now Titanhide work and no BSOD again...


THX 4 YOUR HELP - THE INFO THAT MY BSOD IS ABOUT PATCHGUARD HELP ME...

:) :) :) :) :)

Solved