Awesome

Deadlands

Overview

A simple kernel-level rootkit.

Deadlands hides process. It prevents taskmngr from viewing a running process (for example, cmd.exe). Usercode from the project takes the PID of a process to hide, and communicates with our driver through ioctl.

Guidelines

Kenelcode uses DKOM (Direct Kernel Object Manipulation) to hide underlying structures of a process.