2016-12-04 19:27:46 +00:00
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
hiddencli [mode] [connection] [perform] <command>
|
2016-12-10 11:22:49 +00:00
|
|
|
hiddencli /help
|
2016-12-04 19:27:46 +00:00
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
mode:
|
|
|
|
|
|
|
|
By default perform current commands
|
|
|
|
|
|
|
|
/install [%driver%]
|
|
|
|
Install commands to registry without execution, driver will load them on start. If this flag is set
|
|
|
|
connection parameters shouldn't be set. Optional parameter is used for set valid registry path if
|
|
|
|
driver name is changed, by default "hidden"
|
|
|
|
|
2016-12-23 00:05:09 +00:00
|
|
|
/uninstall [%driver%]
|
|
|
|
Uninstall all configs from registry. This flag is all-sufficient therefore if this flag is set
|
|
|
|
no other parameters and commands should be set after
|
|
|
|
|
2016-12-04 19:27:46 +00:00
|
|
|
connection:
|
2016-12-05 22:37:18 +00:00
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/gate <%name%>
|
2016-12-23 00:05:09 +00:00
|
|
|
Set specific connection gate name (driver device name)
|
2016-12-04 19:27:46 +00:00
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
perform:
|
|
|
|
|
|
|
|
By default perform one command by one execution
|
|
|
|
|
|
|
|
/multi
|
|
|
|
Enable multiple commands per execution, just type commands one by one without any separator
|
|
|
|
|
2016-12-23 00:05:09 +00:00
|
|
|
/config <%path%>
|
2016-12-14 23:29:27 +00:00
|
|
|
Loads multiple commands from file, each command should be on separate line
|
|
|
|
|
2016-12-04 19:27:46 +00:00
|
|
|
commands:
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/state <on|off>
|
2016-12-12 20:40:35 +00:00
|
|
|
Enable or disable enforcement (hiding, protecting, ignoring etc)
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/query state
|
2016-12-12 20:40:35 +00:00
|
|
|
Get enforcement state
|
2016-12-09 20:27:27 +00:00
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/hide <file|dir|regval|regkey> <%path%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Hide filesystem or registry object by path
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/unhide <file|dir|regval|regkey> all
|
2016-12-04 19:27:46 +00:00
|
|
|
Unhide all filesystem or registry object by selected type
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/unhide <file|dir|regval|regkey> <%ruleid%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Unhide all filesystem or registry object by selected type and rule ID
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/ignore image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Set rule that allows to see hidden filesystem and registry objects for processes with specific image path
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/unignore <%ruleid%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Remove rule that allows to see hidden filesystem and registry objects by rule ID
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/unignore all
|
2016-12-04 19:27:46 +00:00
|
|
|
Remove all rules that allow to see hidden filesystem and registry objects
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/ignore pid [inherit:<none|always|once>] <%pid%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Turn on abillity to see hidden filesystem and registry objects for specific process by PID
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/unignore pid <%pid%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Turn off abillity to see hidden filesystem and registry objects for specific process by PID
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/protect image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Set rule that allows to enable process protection for processes with specific image path
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/unprotect <%ruleid%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Remove rule that enables process protection by rule ID
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/unprotect all
|
2016-12-04 19:27:46 +00:00
|
|
|
Remove all rules that enable process protection
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/protect pid [inherit:<none|always|once>] <%pid%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Turn on protection for specific process by PID
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/unprotect pid <%pid%>
|
2016-12-04 19:27:46 +00:00
|
|
|
Turn off protection for specific process by PID
|
|
|
|
|
2016-12-14 23:29:27 +00:00
|
|
|
/query process <%pid%>
|
2016-12-12 20:40:35 +00:00
|
|
|
Query information about state of the process by PID
|
2016-12-25 20:56:18 +00:00
|
|
|
|
|
|
|
options:
|
|
|
|
|
|
|
|
inherit:none
|
|
|
|
Disable inheritance of the protected or ignored state
|
|
|
|
|
|
|
|
inherit:once
|
|
|
|
Child process will inherit the same state but its children no
|
|
|
|
|
|
|
|
inherit:always
|
|
|
|
Child process will inherit the same state and its children too
|
|
|
|
|
|
|
|
apply:forall
|
|
|
|
Apply policy for existing processes and for all new processes
|
|
|
|
|
|
|
|
apply:fornew
|
|
|
|
Don't apply policy for existing processes only for new
|