XaFF-XaFF / Cronos-Rootkit

Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
MIT License
842 stars, 181 forks

Hello, XaFF, I've found that using RemoveTheLinks to hide processes can lead to a system blue screen after a while, with the error code 'CRITICAL STRUCTURE CORRUPTION'. Have you encountered this before? Thanks! #15

Closed SyncsoftDevelopers closed 5 months ago

SyncsoftDevelopers commented 5 months ago

Hello, XaFF, I've found that using RemoveTheLinks to hide processes can lead to a system blue screen after a while, with the error code 'CRITICAL STRUCTURE CORRUPTION'. Have you encountered this before? Thanks!

XaFF-XaFF commented 5 months ago

Hello, it is caused by PatchGuard, which is a protection embedded into Windows used to check whether any changes were made in memory. The only possible way to hide a process, which is modifying kernel memory and is triggering blue screens, is by disabling PatchGuard with a bootkit.

SyncsoftDevelopers commented 5 months ago

Thank you for your answer, I really appreciate it. It's very helpful to me.

XaFF-XaFF commented 5 months ago

> Thank you for your answer, I really appreciate it. It's very helpful to me.

No problem!