Ok, I briefly described what needs to happen to modify your hxdef in jimmy's post of his modified version, but I think that everyone should do their own and keep it private, because public versions like that will be grabbed in a matter of days (for testing purposes: if people upload to KAV, then KAV checks the content of all files which get stored on their servers, so DON'T USE ONLINE CHECKING).
It's not hard, and I'm no guru, but I will help out as much as I can.
Thanks go to:
george (for helping with compiling and hiding from av)
darkranger (for scanning the files)
holy_father (author of the rootkit, without him nothing could be done)
OK, the things you need are:
XP DDK (filemirrors.com -> xp_ddk.iso)
Visual C++ _or_ Visual Studio .NET
Delphi 7 (borland.com then search for crack on cracks.am)
HxDef 1.00 Source Code (http://rootkit.host.sk)
Winsock 2.2 API for Delphi (http://home.earthlink.net/~akonshin/files/winsock2.zip)
ntifs.h (http://www.insidewindows.info/ntifs.h)
PE Resource Explorer (http://www.wilsonc.demon.co.uk/d7resourceexplorer.htm)
Ok, so download the 1.00 release from rootkit.host.sk, then inside there is a .zip file called src.zip, extract that wherever you want.
The file hxdef100.dpr is the main source file of the code; this is where the majority of the work takes place.
First of all, use the replace function (Ctrl+R) to replace "hxdef" with any other 5 character string. It must be 5 characters or you need to change offsets later on (which I don't know how to do).
Next, there are lines like these:
CODE
ServerMailslotNamePart='\\.\mailslot\hxdef-rk100s';
ClientMailslotNamePart='\\.\mailslot\hxdef-rkc';
DriverDeviceName='\\.\HxDefDriver';
Here your hxdef will already be changed thanks to the first step, but the "-rk*" needs to be changed to a "-**" where "**" is any 2 character string.
Lastly in this file, change all "RK_" references to any "**_" reference where "**" is any 2 character string.
Now, in order to compile, extract the Winsock 2.2 API you downloaded to the _same_ directory that contains your hxdef source code, and also copy all files from the "units" directory (found in src.zip from the hxdef release) to your source code directory.
Then hit Ctrl+F9 to compile.
All done? Not yet. This compiles our new .exe, which is now hidden from all AV, but we need to hide the driver also (to read up on how rootkits actually work, hit http://www.rootkit.com). What we do now is edit the driver sources.
Edit driver.c and driver.h in your driver dir from src.zip, and yet again change all references of "hxdef" to another 5 character string, the same as in your hxdef100.dpr file.
Next, edit the sources file and change this line:
CODE
INCLUDES=c:\ddk\inc
to the inc dir of your DDK installation.
Finally, copy the ntifs.h file to your DDK\inc\wxp directory, then choose Start -> Programs -> Development Kits -> Windows DDK 2600 -> Build Environments -> Win XP Free Environment.
This opens up a command window; navigate to the dir with your driver sources and type build. You should now have your driver.sys file in objfre\i386\ (relative to your driver source directory).
If you get errors in VS.NET with something to do with "jvc", copy your driver directory to your DDK root folder and proceed.
Next, open up PE Resource Explorer, select Import -> RC Data, open your .sys file, and then choose Save As -> driver.res in the folder of your hxdef100.dpr file. Now you have updated your driver =D Hit Ctrl+F9 in Delphi again to recompile your new hxdef with your new driver.
To hide rdrbs100.dpr, just change the reference of hxdef to another 5 character string. I haven't tested this myself, but it should work. Finally, to hide your backdoor client from AV (not necessary if you connect from a PC with no AV), just change all references of "hxdef" to another 5 character string. Hit Ctrl+F9 for both, and you are done =D. Then follow the instructions in readmeen.txt provided by holy_father in the main hxdef100.zip release file to set up your ini (use the characters to hide the values, such as [/"<S>/"tar"<//t<up>"]//, to hide the .ini from AV).
Voila! You are all done. I MAY have missed something; if it doesn't work for you, let me know. Hope you enjoy my first tut.