A Windows driver with a usermode interface designed to hide and protect processes, files, registry keys, and other system objects for reverse engineering and research purposes.
🇺🇦 Windows driver with a usermode interface that can hide processes, file-system and registry objects, protect processes, and more
This tool is primarily used by security researchers and reverse engineers to conceal specific processes, files, and registry entries on Windows systems, enabling stealthy analysis and testing environments. It helps in hiding monitoring tools and virtual machine artifacts to simulate real-world scenarios or evade detection during research tasks.
The driver requires disabling Windows driver signature enforcement, so it should be used in test or controlled environments only. Process hiding is experimental and may be unstable. The driver bitness must match the OS bitness. The recommended build environment includes Visual Studio 2019 and Windows Driver Kit 10.
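The bitness requirement above can be checked before installation by reading the Machine field of the driver's PE header. This is an added example, not code from the Hidden project; the function names and the constructed header stubs are assumptions made for illustration.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINE_BITS = {0x014C: 32, 0x8664: 64}  # x86, x64


def pe_bitness(image: bytes) -> int:
    """Return 32 or 64 for a PE image; raise ValueError for anything else."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    # e_lfanew at offset 0x3C holds the file offset of the 'PE\0\0' signature.
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if pe_off + 6 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad PE signature offset")
    # Machine is the first 16-bit field after the signature.
    (machine,) = struct.unpack_from("<H", image, pe_off + 4)
    if machine not in MACHINE_BITS:
        raise ValueError(f"unsupported machine type 0x{machine:04x}")
    return MACHINE_BITS[machine]


def driver_matches_os(image: bytes, os_is_64bit: bool) -> bool:
    """True when the driver image bitness equals the OS bitness."""
    return pe_bitness(image) == (64 if os_is_64bit else 32)


def sample_pe(machine: int) -> bytes:
    """Constructed sample: a minimal header stub, not a real driver."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


if __name__ == "__main__":
    for name, machine in (("x86", 0x014C), ("x64", 0x8664)):
        img = sample_pe(machine)
        print(name, pe_bitness(img), "bit; matches 64-bit OS:",
              driver_matches_os(img, True))
```

On a real test machine, pass the bytes of the built driver file and the OS bitness in place of the constructed stubs.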
Disable digital signature enforcement on a test machine with: bcdedit /set TESTSIGNING ON, then reboot
Copy files from <ProjectDir>\Release\Hidden Package to the test machine
Right-click on Hidden.inf and choose Install
Start the driver with: sc start hidden
Verify the service is running with: sc query hidden
Ensure driver bitness matches OS bitness
hiddencli /hide file c:\Windows\System32\calc.exe
Hide a specific file
hiddencli /hide dir "c:\Program Files\VMWare"
Hide a directory
hiddencli /hide regkey "HKCU\Software\VMware, Inc."
Hide a registry key
hiddencli /hide pid 2340
Hide a process by its PID
hiddencli /hide image apply:forall c:\Windows\Explorer.EXE
Hide processes by image name
hiddencli /help
Display full help and usage information