Unable to connect to rootkit INVALID_HANDLE_VALUE

[ozohhub]

I disabled DSE and even tried on test mode but can't load the driver. How can i fix this? @ZeroMemoryEx

[ZeroMemoryEx]

Hello @ozohhub ,the rootkit currently works only when DSE is disabled, You can disable DSE by opening cmd as an administrator and running the following command:

bcdedit /set testsigning on

Waiting for your feedback and happy hacking!

[ozohhub]

I tried testsigning on but still can’t load the driver. Is there a specific way to load the driver? (Like command: sc create asdf) I also tried installing the driver with the inf file from this repo but didn’t work. @ZeroMemoryEx

[ZeroMemoryEx]

@ozohhub Did you place the driver chaos-rootkit.sys in the same directory as rin3-gui.exe? Also, can you run DbgView, then run the rootkit and send a screenshot of the output in DbgView?

[ZeroMemoryEx]

also you should run the ring3-gui.exe as an administrator @ozohhub

[ozohhub]

@ZeroMemoryEx sorry for the delay.

[ZeroMemoryEx]

hello @ozohhub did you enable test signing mode ?

[ZeroMemoryEx]

From what I can see in DebugView, the driver didn't load

[ozohhub]

@ZeroMemoryEx I also tried on test mode but didn't work.

[ZeroMemoryEx]

Hello @ozohhub , that's weird it should work in test mode, can you please run the cmd as an administrator and execute the following commands:

• sc stop Chaos-Rootkit
• sc delete Chaos-Rootkit

After that, try running ring3-gui again. If it still doesn't work, please download the OSR program, unzip it and run it as an administrator then browser and select chaos-rootkit.sys, then press Register Service followed by Start Service.

Once you press Start Service, please send me a screenshot of the output in the pop-up.

[ozohhub]

@ZeroMemoryEx It says 'A device attached to the system is not functioning'

[ZeroMemoryEx]

@ozohhub Ah yes, that error occurs because the driver returns STATUS_UNSUCCESSFUL during the offset initialization part. I should be more precise with the error details, haha. Your Windows build is incompatible; the rootkit currently supports the following builds: 17763, 18362, or 19045. You may need to use one of those.

[ozohhub]

@ZeroMemoryEx I see. thanks for the help

[ZeroMemoryEx]

Hello @ozohhub , I’ve made an update. Now, when your system version is not supported, it won’t restrict you from everything. Instead, it will only limit access to features that require offsets, while allowing access to those that don’t. You can download this update in the release. Looking forward to your feedback!