bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License

Help #72

Closed MazenNassar closed 3 months ago

MazenNassar commented 4 months ago

Hi, I need some help. I run the rootkit through the shellcode like the C# example. When I try to make a registry key/value of my file to be added to startup hidden, I created the key using cmd: REG ADD HKLM\Software\$77config\startup /v $77myapp /t REG_EXPAND_SZ /d pathto/$77myapp. It gets added and I can see it using reg query, but when I restart the device the app doesn't open on startup. Can you help me? Am I doing something wrong?

bytecode77 commented 4 months ago

Is r77 definitely running at startup? You can check on that with the Test Console.

Is your $77myapp.exe a desktop application of some kind? Since the executable is started with SYSTEM privileges, it may not work if it's a desktop app. Can you try something like charmap.exe or some helloworld.exe to test whether startup doesn't work at all, or whether it just doesn't work with that executable?

Since I cannot debug on your computer, I can recommend Process Monitor to monitor the creation of processes, to see whether the process was created and crashed, or whether it was not created at all.

Of course, you don't need to restart your PC. You can simply run Install.exe over and over again to test the startup.
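The diagnostic suggested in the reply above, written out as an added PowerShell example (this is not code from the r77 project or from either participant). It separates "startup never fires" from "my executable does not run when started as SYSTEM" by registering a non-interactive target under the same HKLM\Software\$77config\startup key used in the question: a cmd.exe one-liner that drops a marker file. The marker path, the value name and the 10-second wait are assumptions chosen for this example; the key layout, the REG_EXPAND_SZ type and "re-run Install.exe instead of rebooting" come from the thread.

```powershell
# Added example, not part of the r77 project or this thread.
# Assumptions: startup entries live under HKLM\Software\$77config\startup,
# one value per entry (as in the question); Install.exe re-triggers startup
# (as in the reply above). Paths and names below are placeholders.

# Single quotes throughout: in a double-quoted string PowerShell would try to
# expand "$77config" and "$77startuptest" as variables.
$key    = 'HKLM:\SOFTWARE\$77config\startup'
$name   = '$77startuptest'                        # value name, $77 prefix as in the question
$marker = 'C:\ProgramData\r77-startup-test.txt'   # constructed marker path for this test

# 1. Register a target that needs no desktop. A GUI program launched as SYSTEM
#    by a service runs in session 0 and shows no window, so a marker file is
#    the honest signal that the entry was executed at all.
$cmd = 'cmd.exe /c echo started %DATE% %TIME% as %USERNAME% > "' + $marker + '"'

if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}
New-ItemProperty -Path $key -Name $name -Value $cmd -PropertyType ExpandString -Force | Out-Null
Remove-Item -Path $marker -Force -ErrorAction SilentlyContinue

# 2. Confirm the value is really there (same check as "reg query" in the question).
(Get-ItemProperty -Path $key).$name

# 3. Now run Install.exe again (no reboot needed, per the reply above), wait a
#    moment, and look for the marker file.
Start-Sleep -Seconds 10

if (Test-Path -Path $marker) {
    'Startup works: ' + (Get-Content -Path $marker)
    'If $77myapp still does not appear, the problem is that executable under SYSTEM, not the startup mechanism.'
} else {
    'No marker file: the entry was not run. Check the Test Console that r77 is active and watch Process Monitor for a cmd.exe being created.'
}

# 4. Cleanup once done testing.
# Remove-ItemProperty -Path $key -Name $name
# Remove-Item -Path $marker -Force -ErrorAction SilentlyContinue
```

If the marker appears but the real application does not, the mechanism is fine and the remaining question is whether that application can run non-interactively as SYSTEM in session 0; if the marker never appears, confirm with the Test Console that r77 is actually loaded before looking further at the registry entry.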

MazenNassar commented 4 months ago

Can I privately contact you? Do you have Telegram?

bytecode77 commented 4 months ago

I don't have Telegram, but you can shoot me a mail. My email address is on my website bytecode77.com