Hiding your bots - patchguard and kernel modification

Asentrix


I personally believe Jagex monitors running processes on the system to some degree.
Through a few advanced steps, it's actually fully possible to hide processes completely on the system and make them undetectable.
In this guide, we'll be using the "Tinybot" virtual machine and VMware Workstation to create a PatchGuard-disabled/modified Windows 7.

Setup & Downloads
We need a few things:
• VMware Workstation 14/15 & Tinybot - (Please read this full guide on how to set up both VMware and Tinybot)
• Bypass Pack (Attached to this post)
• Patience

To get started, go ahead and install Tinybot on VMware using the guide provided above.
Once that's installed and the updates have run, go ahead and get the essentials on the VM.
Download here: https://botting.rs/resources/categories/tools.20/

• Winautomation
• Botting.rs Human-like Mouse Movement Wrapper
• Runelite.Plus
• JDK 8


Disabling Patchguard

Once you've installed all of those, restart the virtual machine.
Now that the virtual machine is installed, unzip the Bypass.zip file and extract the contents into a new folder on the desktop.
Run the file "Patch.exe" as administrator.
It will prompt you to type "CONTINUE" in capitals. Press Enter, and the program will run for about 5 minutes, patching the system.
Once it says complete you can close it.

Now you need to run "dseo13b.exe" as administrator.
Once you've run it and navigated through to the main menu, run the option "Enable Test mode".

Click next, then Exit.
Restart your system, and this time you will be given a new boot option.
"Patch Guard Disabled" - Select this operating system and boot into Windows.

Patchguard should now be successfully disabled, allowing us to run unsigned drivers and modify the kernel.
This allows us to hide processes.
Now we need to use the final tool, "Hidecon.exe".
Run "start-hidecon.bat" as administrator.
A command line will pop up giving you multiple options.
Type the following:
Code:
hidecon -ld
"hidecon -ld" = Load Driver

Now that the driver is loaded, we can hide our process(es).
Launch your bot, or Winautomation.

Once you've run/opened the bot process, type hidecon -l for a list of all running processes.
You will be given a list of running processes.
Look for the PID (Process ID number) for the program you want to hide.
Once you have found the ID, type the following:

Code:
hidecon -ph %PID%
- Replace %PID% with the process ID you wish to hide.

Now your process should be completely hidden. You can check this by going to the Details tab in the Task Manager.
Do this for all processes you want to hide.
It is a bit tedious, but if you're planning on botting for 6 hours straight or so, an extra level of security doesn't hurt.


Attachments

  • Bypass.zip
    1.4 MB · Views: 31
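
From the defender's side, hiding of this kind is usually caught with a cross-view check: compare the PIDs the process-listing API reports with the PIDs that can still be opened directly. The PowerShell below is an added example, not part of the original post or the Bypass pack; it assumes the hiding driver removes a process from enumeration but leaves its PID openable, and the names `CrossView.Native`, `Get-ListedPids` and `$MAX_PID` are made up for this example.

```powershell
# Added example: cross-view scan for live processes missing from the process list.
# Run from an elevated PowerShell prompt.
Add-Type -Namespace CrossView -Name Native -MemberDefinition @'
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("kernel32.dll")]
public static extern bool GetExitCodeProcess(IntPtr handle, out uint exitCode);
[DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
public static extern bool QueryFullProcessImageName(IntPtr handle, uint flags,
    System.Text.StringBuilder path, ref uint size);
'@

$QUERY_LIMITED = 0x1000   # PROCESS_QUERY_LIMITED_INFORMATION
$STILL_ACTIVE  = 259      # exit code reported while a process is running
$MAX_PID       = 65536    # assumption: scan ceiling; raise it on busy hosts

function Get-ListedPids {
    # View 1: what the normal enumeration API (and Task Manager) reports.
    $set = @{}
    Get-Process | ForEach-Object { $set[[int]$_.Id] = $true }
    return $set
}

$before = Get-ListedPids
$found  = @()
for ($candidate = 4; $candidate -le $MAX_PID; $candidate += 4) {
    if ($before.ContainsKey($candidate)) { continue }
    # View 2: ask the kernel for the PID directly instead of walking the list.
    $h = [CrossView.Native]::OpenProcess($QUERY_LIMITED, $false, $candidate)
    if ($h -eq [IntPtr]::Zero) { continue }   # no such process, or not openable
    [uint32]$code = 0
    # Exited processes kept alive by open handles are unlisted too; skip them.
    if ([CrossView.Native]::GetExitCodeProcess($h, [ref]$code) -and $code -eq $STILL_ACTIVE) {
        $sb = New-Object System.Text.StringBuilder 1024
        [uint32]$len = 1024
        $path = '<unknown>'
        if ([CrossView.Native]::QueryFullProcessImageName($h, 0, $sb, [ref]$len)) {
            $path = $sb.ToString()
        }
        $found += New-Object PSObject -Property @{ Pid = $candidate; Path = $path }
    }
    [void][CrossView.Native]::CloseHandle($h)
}

# Drop PIDs that simply started after the first snapshot, then report the rest.
$after = Get-ListedPids
$found | Where-Object { -not $after.ContainsKey($_.Pid) } | Format-Table Pid, Path -AutoSize
```

An empty table means both views agree; a row is a lead to investigate, since a short-lived process can still race the two snapshots.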