bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License

How to exclude specific processes from installation? #60

Closed CR7SON closed 7 months ago

CR7SON commented 7 months ago

Hello! Thank you for providing such a great program. Is there a way to exclude specific processes during installation using the install.exe? I want to avoid injection into a particular process. I encounter an error when installing while Wallpaper Engine is running.

bytecode77 commented 7 months ago

Since Wallpaper Engine is an application you have no control over, you can modify this constant and recompile r77. Processes with these filenames will never be injected.

```c
/// <summary>
/// Specifies a list of processes that will not be injected.
/// By default, this list includes processes that are known to cause problems.
/// To customize this list, add custom entries and recompile.
/// </summary>
#define PROCESS_EXCLUSIONS                      { L"MsMpEng.exe", L"MSBuild.exe" }
```

CR7SON commented 7 months ago

Thank you!