Hi all.
1)
I would like to hide my program from
1) taskmanager(QuerySystemInformation API): process
2) explorer(QueryDirectoryFile API): file system
and 3) regedit(EnumerateKey API): registry.
Moreover, It is needed to support 64-bit OS environment, e.g.Windows 7, 2008 server.
Is it possible to do these with madCodeHook 3.x?
2)
The demo program 'InjectService.exe' of 'MCHDemos\system wide\HookProcessTermination'
( http://madshi.net/MCHDemos.zip )
doesn't work in my computer(Windows 7 64-bit OS).
It makes an error 'Warning: Restarting failed'.
What could i do for fixing this error?
Thanks in advance.
Is is possible to hide my program?
Re: Is is possible to hide my program?
madCodeHook 2.x does not fully support 64bit OSs, that's why the HookProcessTermination doesn't work properly on your OS. Of course this is not a problem with madCodeHook 3.0.
Hiding a process is technically possible, however, it's considered malware-like behaviour. Because of that madCodeHook has a specific API hook block in it that prevents people from hooking the APIs needed for hiding a process. So I'm sorry to say, but with madCodeHook you can not hide your process. I had to do that because malware programmers kept on misusing madCodeHook. Blocking those APIs from being hookable was one of the counter measures I took to stop malware programmers from misusing madCodeHook.
Hiding a process is technically possible, however, it's considered malware-like behaviour. Because of that madCodeHook has a specific API hook block in it that prevents people from hooking the APIs needed for hiding a process. So I'm sorry to say, but with madCodeHook you can not hide your process. I had to do that because malware programmers kept on misusing madCodeHook. Blocking those APIs from being hookable was one of the counter measures I took to stop malware programmers from misusing madCodeHook.