Hiding process by PID

c++ / delphi package - dll injection and api hooking

Post by poit » Sun May 30, 2004 6:04 pm

Hi,

Does someone know how to hide a process from the Task Manager (Win2000)? How to hide a process by PID?

Any source on this one??

Thanks for the replies..

Poit
poit
 
Posts: 4
Joined: Sun May 30, 2004 6:01 pm

hi

Post by legion » Sun May 30, 2004 10:30 pm

hi

It is possible to hide a process by PID, but the code might be bulky because you need to convert the PID to a filename. If I'm not mistaken, there is a function in madCollection which does that.
The easiest way to hide just an exe is by the exe filename.
It is really possible and simple.

But first, before posting a code sample or some information, I think
you must tell us for which purpose you use it. It is bad for me to hide an exe in the Task Manager? :idea:
If madshi agrees, I can post the code for that or give you information.

@+
legion
 
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

Reason

Post by poit » Mon May 31, 2004 9:22 am

Hi Again,

Thanks for your reply, legion! There is no exact reason to give. I have read about hiding a process by PID on the net somewhere and I just want to know how it's done. It's my hunger for information, I think :? For what reason don't you want to give any example source? Is it dangerous for my system?

grzt Poit
poit
 
Posts: 4
Joined: Sun May 30, 2004 6:01 pm

To Madshi

Post by poit » Mon May 31, 2004 7:19 pm

Is there any reason why someone should not give me any example code for hiding a process by PID? :sceptic:

Grtz Poit
poit
 
Posts: 4
Joined: Sun May 30, 2004 6:01 pm

Post by madshi » Tue Jun 01, 2004 9:43 am

You can hide a process by hooking NtQuerySystemInformation in the NT family and by hooking the toolhelp functions in win9x. However, the non-commercial version of madCodeHook doesn't allow that. The reason is simple: Trojans, viruses and backdoors usually try to hide themselves. But I don't want madCodeHook to be used in trojans and such software. So I've decided to not allow hooking of the process enumeration APIs in the non-commercial version. I'm sorry...
madshi
Site Admin
 
Posts: 9774
Joined: Sun Mar 21, 2004 5:25 pm

Post by poit » Tue Jun 01, 2004 12:45 pm

Hi,

I understand what you mean. Trojans and viruses use these methods too. Thanks for your reply, Madshi.

Grtz Poit
poit
 
Posts: 4
Joined: Sun May 30, 2004 6:01 pm
