Releases: slep2-0/WindowsRootkit
v1.8
Added a new feature: File Protection
File protection means that once you activate it on a file, the file cannot be deleted or read; it is effectively "locked", and nothing about it can be changed.
The next feature will be hiding files by filtering directory enumeration results in the IRP_MJ_DIRECTORY_CONTROL handler.
v1.7 Major
MAJOR UPDATE:
Quality Of Life Updates (ONLY AVAILABLE TO SERVICE DRIVERS):
Added the option for the kernel driver to report back to the client on the result of each operation (e.g. if you choose to hide a process, the driver will notify you whether it succeeded or not).
Protection Updates:
Revised the protection menu and added the option to apply protections (ACCESS_DENIED protection) to multiple PIDs, as well as to disable them.
Full Changelog: protection...major
Next Update:
APC Shellcode Injection.
v1.6
Added a new feature:
Process Protection via Callbacks. Explanation:
Protecting a process this way causes an access-denied error on termination attempts, and also prevents reading or writing the process's memory.
v1.5
v1.4
v1.3
Support for Windows 7 and XP has been added.
Garbage code removed.
Bug fixes.
Support for service creation has been added. Please use RootkitDriverService.sys if you wish to load the driver as a service, or RootkitDriverReflective.sys if you wish to use a reflective mapping method such as KDMapper. (I suggest the first one: it is much easier, less detectable, and permanent.)
Service creation (permanent; starts at system start, not at boot):
sc create SERVICENAME type= kernel binPath= "C:\Path\To\RootkitDriverService.sys" start= system
Update: I can't really call this less detectable, because the driver is unsigned and you must enable test signing to load it on the machine; the alternative is a bring-your-own-vulnerable-driver attack, which is what KDMapper uses (so you would need the reflective version). Driver Signature Enforcement (DSE) is what blocks unsigned drivers; you may find ways to disable or bypass DSE, but I will not cover those here.
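The loading path described above (an unsigned kernel driver, test signing enabled, a kernel-type service registered with sc create) leaves traces an administrator can audit. The following PowerShell script is an added example and is not part of the slep2-0/WindowsRootkit project; it assumes an elevated prompt on an English-language Windows install (bcdedit's "Yes" is localized on other locales) and checks three things: whether test signing is on for the current boot entry, which kernel-type services point at an image without a valid Authenticode signature, and which recent Service Control Manager 7045 events registered a kernel-mode driver.

```powershell
# Added example (not project code): defender-side audit for the driver-loading path
# described in the release notes. Run from an elevated PowerShell prompt.

function Test-TestSigningEnabled {
    # bcdedit lists "testsigning   Yes" when the boot entry allows test-signed drivers
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    return [bool]($bcd | Where-Object { $_ -match '^\s*testsigning\s+Yes' })
}

function Get-UnsignedKernelDrivers {
    # Type 1 = kernel driver; Start 1 = SYSTEM start. That is exactly what
    # "sc create ... type= kernel ... start= system" writes under the Services key.
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $p -or $p.Type -ne 1 -or -not $p.ImagePath) { return }
        # ImagePath variants: "\??\C:\x.sys", "\SystemRoot\System32\x.sys", "System32\drivers\x.sys"
        $path = $p.ImagePath -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) { return }
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Service   = $_.PSChildName
                StartType = $p.Start
                ImagePath = $path
                SigStatus = $sig.Status
            }
        }
    }
}

function Get-RecentKernelServiceInstalls {
    param([int]$Days = 30)
    # Event 7045 (Service Control Manager): "A service was installed in the system."
    # Its message carries "Service Type: kernel mode driver" for driver services.
    $filter = @{ LogName = 'System'; Id = 7045; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'kernel mode driver' } |
        Select-Object TimeCreated,
            @{ n = 'Detail'; e = { (($_.Message -split "`n") | Where-Object { $_.Trim() })[0..3] -join ' | ' } }
}

if (Test-TestSigningEnabled) {
    Write-Warning 'Test signing is ENABLED on the current boot entry: unsigned drivers will load.'
} else {
    Write-Host 'Test signing is off (DSE enforced for this boot entry).'
}

Write-Host "`nKernel drivers whose image does not carry a valid signature:"
Get-UnsignedKernelDrivers | Format-Table -AutoSize

Write-Host "`nKernel-mode driver services installed in the last 30 days (Event ID 7045):"
Get-RecentKernelServiceInstalls | Format-Table -Wrap
```

Treat the unsigned-driver list as a triage list rather than a verdict: on older hosts Get-AuthenticodeSignature may report catalog-signed inbox drivers as NotSigned, so compare the ImagePath against known Windows locations before acting. The 7045 check is the most durable of the three, because the event is written by the Service Control Manager at registration time and survives the service later being deleted or hidden.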
v1.1
Added a new feature: Process Hiding
NOTE: All of the features here (except driver hiding) cannot be executed on Windows 11 24H2 (10.0.26100); they may only work on Windows 11 and Windows 10 versions 22H2/21H2. Update 5/9/2025: fixed in a later release, which now supports most modern builds.
The EXE must be run with admin privileges to contact the driver. Compile and build the source code yourself if you don't trust the binaries.
v1.2
Added a new feature: Process Protection (terminating a protected process results in a crash).
v1.1.1
Please read the previous release notes, as they contain important information.
This release removes the need for specific Windows builds; the supported ones are now:
All Windows 11 Builds
Latest Windows 10 Builds
Latest Windows 7 Build
v1.0
Contains the .exe and .sys files. Run the .exe with admin privileges, load the .sys file into the kernel using KDMapper, and keep antivirus turned off.
If you don't trust me, build the rootkit yourself; otherwise, run it in a VM.
(This is also a good tool if you want NT AUTHORITY\SYSTEM privileges in cmd. Update 5/6/2025: not a good remark; just use PsExec.)