issue once installed install.exe after that am not able to open some apps

[Rajanvinayak]

hey, thank you very much for the Best rootkit after installed install.exe bro i am facing a issue during open my examshield.it is showing intenal error 00000012 can you please help me to resolve it. hope you will reply soon the app i want to open that is examshield of peoplcert please help me will provide you screenshot

[bytecode77]

That's strange... I will take a look at this, because r77 is not supposed to crash any processes.

In the meantime: You can try to disable certain features of r77 and recompile. You can do this in Hooks.c by removing the InstallHook and UninstallHook of the features you want to disable.

For example, if you only care about hiding processes and files, you only need following hooks:

• NtQuerySystemInformation
• NtResumeThread
• NtQueryDirectoryFile
• NtQueryDirectoryFileEx

In fact, that's my testing procecdure to find out what feature causes a crash, which I will do later this week.

[Rajanvinayak]

Please check and resolve it If not possible Can you please send it to me personally by turnning off other features i need just process hidding feature

[bytecode77]

Here is Install.exe, which I have compiled for you with following changes. The download link is valid for 1 week and the ZIP password is "bytecode77"

I'll do the concrete testing some other time soon...

[bytecode77]

Please check and resolve it

Just wanted to let you know that I'm not a company working full time on r77. In fact, I work on my projects roughly 2-3 hours per week. And it may be a few days before I actually have time to analyze this bug. That's why I just sent you a version that might fix the issue, but I will have to do the actual testing some time later that week.

[Rajanvinayak]

Thank you for your support You are awesome bro I can understand your busy schedule :)

[Rajanvinayak]

bro you sent me install.exe this one is not working same issue showing internal error while opening examshield

and its hanging my laptop after installation es-explorer is not responding after install new install.exe file hope you will provide me other one or trying to fix this issue once you have time :) thank you for everything......

[bytecode77]

Did you install ExamShielf as app, or as a normal Windows program? I have only found a download from the Windows store as an app. And apps run in a sandbox, which is not injected by r77 for various reasons. If you are not using an app, but a full desktop version, could you point me to the download?

[Rajanvinayak]

Bro window store app and direct download as a program both are same and showing same internal error i need to hide process or service name from examshield link for download examshield manually here https://www.peoplecert.org/ways-to-get-certified/olp-guidelines/install-examshield

[bytecode77]

I've reproduced this "error 00000012" message.

Although I'm not sure why this error ocurrs with this particular app (exam shield), I think it might have something to do with what this app itself is doing. For instance, it has some VM detection techniques in Detect.dll. I didn't disassemble the main executable, though.

Download this test build (password: bytecode77) - It contains a hook only for NtQuerySystemInformation - the rest is disabled.

When you start the app, most of the time this error ocurrs right at startup, so you might have to retry starting it up to 10 times, but eventually the error message doesn't appear.

So, the app is no longer crashing. Not sure whether or how the rootkit helps you with your goal, but good luck.