Module Cloaker v2 (Full x86 and x64 + Unicode and MBCS support)

[Cypher]

Recently I’ve been working on rewriting all of my usermode rootkit code and adding a lot more features to it. The biggest change I want to make (other than adding support for hiding more types of data) is x64 support. So far I have x64 support for the loader, file cloaking, process cloaking, window cloaking, and module cloaking. I may release some of those code for these features, but not yet, still lots more potential bugs that need fixing.

I figured an upgraded module cloaker would be of use to some. There’s no explicit license attached to it, but if you do choose to use it then it must be for non-commercial purposes ONLY. Credits would be appreciated but are not mandatory.

Tested and working on Windows Server 2008 x64 and Windows Vista x86. Should work from XP -> 7 (the last version did and very little has changed across those versions in terms of what I’m modifying). Along with x64 support I also updated the class to support both Unicode and MBCS, so if that was an issue for you with the last version, you’ll be glad to know its (hopefully) gone (I say hopefully because MBCS is not extensively tested, but if you find a bug let me know and I’ll fix it).

There’ s still lots more to work on, so I may release an update in a few weeks, then again I’ve got lots of other stuff that also needs improvements so don’t hold your breath. As Blizzard would say, it will be ready “soon”.

(In case you didn’t get the joke: Soon )

Download:

Cloaker v20090424a

Updates will be posted here if I forget to copy them to MMOwned.

[2dgreengiant]

Your the fgt, nice tho

edit: work on vista x64?

[Cypher]

Your the fgt, nice tho

edit: work on vista x64?

Should work on everything from XP to 7, both x86 and x64. If it doesn't let me know because that would be a fairly major bug.

Anything outside that range is unsupported.

[mordok]

OOOOOOOOOH YES!!!!!!! Thanks cypher, like always outstanding. Gonna try it on x64bits :P ill let you know.

[Cypher]

OOOOOOOOOH YES!!!!!!! Thanks cypher, like always outstanding. Gonna try it on x64bits :P ill let you know.

I'm on Server 2008 x64 so I know it works.

Just not 100% about XP.

[Pixion]

(In case you didn’t get the joke: Soon )

That's near the only thing i understood, and i was really nice xD
( Can't +Rep to you )

[luciferc]

very cool. No need for it for me but is very intresting .

[Nesox]

Now let's write a C# version, kkthx?

[Shynd]

Now that's an interesting ide-... no. No it's not. ****, now you've got me thinking about it. No. Just no.

[Cypher]

Now let's write a C# version, kkthx?

No... just, no...

Now that's an interesting ide-... no. No it's not. ****, now you've got me thinking about it. No. Just no.

Don't do it! Save your soul!

[jjaa]

Thanks Cypher, very nice work!

[ziinus]

Hi, could you please explain how to use it ? ( and would it work if I import your lib in a c# project ? with dllImport )
ty

[Cypher]

Hi, could you please explain how to use it ? ( and would it work if I import your lib in a c# project ? with dllImport )
ty

Go away moron.

[Nesox]

Hi, could you please explain how to use it ? ( and would it work if I import your lib in a c# project ? with dllImport )
ty

Rofl, no sorry that's just ... You have to write 0 to this adress: 0x00993DB8
then it will work and you might have to change the memory protection flags first with Virtual Protect

[SKU]

That's just mean.