sc start HyperHideDrv [SC] StartService Failed 31 on Intel x64 Win10 22H2

[SH0CK1NG]

Description

[SC] StartService FAILED 31: device attached to the system is not functioning. Run on.bat with administry, report error code 31

Environment

VMware® Workstation 17 Pro 17.0.0 build-20800274 Physical Machine: Windows 10 Home, 64-bit (Build 19045.2965) 10.0.19045 Physical Machine Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz 2.59 GHz Virtual Machine: Windows 10 Professional x64 22H2 19045.2965 cmd "bcdedit /set testsigning on" successfully completed and Virtual Machine rebooted The test mode is displayed in the lower right corner of the desktop

VT-x enabled

Hyper-V disabled

Virtualization-Based Security (VBS) disabled

Secure Boot disabled

Dbgview

00000001 0.00000000 [19:46:55.918] [INFORMATION] [DriverEntry:90] HyperVisor On

Regedit

driver path

[SH0CK1NG]

I've tried the suggestions in other issues #32 but still failed.Does anyone else gets an idea? Yes, nested virtualization is disabled by default in hyper-v You should disable VBS, because airhv will not work as long as it is enabled
Originally posted by @Air14 in https://github.com/Air14/HyperHide/issues/33#issuecomment-1480329661

[Air14]

It looks like it failed to get the offsets, but this is strange because this version of Windows is supported. Are you using the latest version of hyperhide?

[SH0CK1NG]

I checked the version of hyperhide,and replaced the old one.It still doesnt work. info: 00000001 0.00000000 [02:02:56.261] [INFORMATION] [DriverEntry:89] HyperVisor On 00000002 0.00000870 [02:02:56.261] [INFORMATION] [DriverEntry:94] Got offsets 00000003 0.00222670 [02:02:56.261] [INFORMATION] [DriverEntry:99] Got code caves 00000004 0.03999590 [02:02:56.292] [INFORMATION] [DriverEntry:104] Got Ssdt 00000005 0.09620370 [02:02:56.355] [INFORMATION] [GetPfnDatabase:28] MmPfnDataBase address 0xffff928000000000 00000006 0.09627020 [02:02:56.355] [INFORMATION] [DriverEntry:109] Hider Initialized 00000007 0.09631810 [02:02:56.355] [INFORMATION] [DriverEntry:117] PsSetCreateThreadNotifyRoutine succeded 00000008 0.09634030 [02:02:56.355] [INFORMATION] [DriverEntry:126] PsSetCreateProcessNotifyRoutine succeded 00000009 0.09641450 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtContinueEx is equal: 0xA1 00000010 0.09645120 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSetInformationThread is equal: 0xD 00000011 0.09647850 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryInformationProcess is equal: 0x19 00000012 0.09650390 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryObject is equal: 0x10 00000013 0.09653480 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSystemDebugControl is equal: 0x1BE 00000014 0.09670520 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSetContextThread is equal: 0x18C 00000015 0.09675200 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQuerySystemInformation is equal: 0x36 00000016 0.09680780 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtGetContextThread is equal: 0xF3 00000017 0.09682210 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtClose is equal: 0xF 00000018 0.09684250 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryInformationThread is equal: 0x25 00000019 0.09685810 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateThreadEx is equal: 0xC2 00000020 0.09687320 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateFile is equal: 0x55 00000021 0.09688870 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateProcessEx is equal: 0x4D 00000022 0.09691320 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtYieldExecution is equal: 0x46 00000023 0.09698630 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQuerySystemTime is equal: 0x5A 00000024 0.09705030 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryPerformanceCounter is equal: 0x31 00000025 0.09707430 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryInformationJobObject is equal: 0x14B 00000026 0.09709050 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateUserProcess is equal: 0xC9 00000027 0.09710840 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtGetNextProcess is equal: 0xF8 00000028 0.09712700 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtOpenProcess is equal: 0x26 00000029 0.09714650 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtOpenThread is equal: 0x12F 00000030 0.09717030 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSetInformationProcess is equal: 0x1C 00000031 0.09740520 [02:02:56.355] [INFORMATION] [hook_function:653] Page already hooked 00000032 0.09747730 [02:02:56.355] [INFORMATION] [hook_function:653] Page already hooked 00000033 0.09756250 [02:02:56.355] [INFORMATION] [hook_function:653] Page already hooked 00000034 0.09761920 [02:02:56.355] [ERROR] [hook_function:638] Requested virtual memory doesn't exist in physical one 00000035 0.09766470 [02:02:56.355] [ERROR] [HookNtSyscalls:1816] NtSystemDebugControl hook failed Now the issue is similar to #30 ,but a little bit different.

[SH0CK1NG]

The version I used is HyperHide_2023-02-16

[GsoyG]

I made the same mistake, but I discovered a very magical thing: Start HyperHideDrv first and then airhv, everything will be normal. If you start airhiv first and then start HyperHideDrv, you will get the above error.

[toriany]

I made the same mistake, but I discovered a very magical thing: Start HyperHideDrv first and then airhv, everything will be normal. If you start airhiv first and then start HyperHideDrv, you will get the above error.

this works for me. thank you.