Hiding process by PID

c++ / delphi package - dll injection and api hooking
poit
Posts: 4
Joined: Sun May 30, 2004 6:01 pm

Hiding process by PID

Post by poit »

Hi,

Does someone know how to hide a process from the Task Manager (Win2000)? How to hide a process by PID?

Any source on this one??

Thanks for the replies..

Poit
legion
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

hi

Post by legion »

hi

It is possible to hide a process by PID, but the code might be bulky because you need to convert the PID to a filename. If I'm not mistaken, there is a function in madCollection which does that.
The easiest way to hide just an exe is by the exe filename.
It is really possible and simple.

But first, before posting a code sample or some information, I think
you must tell us for what purpose you will use it? It is bad for me to hide an exe in the Task Manager? :idea:
If madshi agrees I can post the code for that or give you information.

@+
poit
Posts: 4
Joined: Sun May 30, 2004 6:01 pm

Reason

Post by poit »

Hi Again,

Thanks for your reply, legion! There is no exact reason to give. I have read about hiding a process by PID on the net somewhere and I just want to know how it's done. It's my hunger for information, I think :? For what reason don't you want to give any example source? Is it dangerous for my system?

grzt Poit
poit
Posts: 4
Joined: Sun May 30, 2004 6:01 pm

To Madshi

Post by poit »

Is there any problem why someone should not give me any example code for hiding a process by PID? :sceptic:

Grtz Poit
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

You can hide a process by hooking NtQuerySystemInformation in the NT family and by hooking the toolhelp functions in win9x. However, the non-commercial version of madCodeHook doesn't allow that. The reason is simple: Trojans, viruses and backdoors usually try to hide themselves. But I don't want madCodeHook to be used in trojans and such software. So I've decided to not allow hooking of the process enumeration APIs in the non-commercial version. I'm sorry...
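
From the defender's side, a hook on a process enumeration API such as NtQuerySystemInformation is commonly found by checking whether the function's first bytes were replaced with a redirection and whether they still match a trusted reference copy. The following is an added example, not part of the original post and not madCodeHook code; it assumes an inline patch at the function entry, the function names are hypothetical, and the byte arrays are constructed samples rather than bytes read from a real system.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hook_kind { HOOK_NONE, HOOK_JMP_REL32, HOOK_JMP_SHORT,
                 HOOK_JMP_INDIRECT, HOOK_PUSH_RET, HOOK_MOV_JMP_RAX };

/* Recognise common x86/x64 redirections at the first bytes of a function. */
enum hook_kind classify_prologue(const uint8_t *p, size_t n)
{
    if (n >= 5 && p[0] == 0xE9) return HOOK_JMP_REL32;   /* jmp rel32 */
    if (n >= 2 && p[0] == 0xEB) return HOOK_JMP_SHORT;   /* jmp rel8 */
    if (n >= 6 && p[0] == 0xFF && p[1] == 0x25)
        return HOOK_JMP_INDIRECT;                        /* jmp [mem] */
    if (n >= 6 && p[0] == 0x68 && p[5] == 0xC3)
        return HOOK_PUSH_RET;                            /* push imm32; ret */
    if (n >= 12 && p[0] == 0x48 && p[1] == 0xB8 &&
        p[10] == 0xFF && p[11] == 0xE0)
        return HOOK_MOV_JMP_RAX;                         /* mov rax, imm64; jmp rax */
    return HOOK_NONE;
}

/* Offset of the first byte where the in-memory copy differs from the
   reference copy (e.g. the same export read from the file on disk),
   or -1 when the two are identical. */
long first_difference(const uint8_t *mem, const uint8_t *ref, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (mem[i] != ref[i]) return (long)i;
    return -1;
}

/* Constructed sample: shaped like an x64 system-call stub
   (mov r10, rcx; mov eax, <placeholder number>; syscall; ret; nop). */
static const uint8_t reference_stub[12] =
    { 0x4C, 0x8B, 0xD1, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x05, 0xC3, 0x90 };
/* Constructed sample: the same stub with its first five bytes overwritten
   by a jmp rel32 (the displacement is an arbitrary made-up value). */
static const uint8_t patched_stub[12] =
    { 0xE9, 0x10, 0x20, 0x30, 0x40, 0x00, 0x00, 0x00, 0x0F, 0x05, 0xC3, 0x90 };

int main(void)
{
    printf("reference: kind=%d diff=%ld\n",
           classify_prologue(reference_stub, sizeof reference_stub),
           first_difference(reference_stub, reference_stub, sizeof reference_stub));
    printf("patched:   kind=%d diff=%ld\n",
           classify_prologue(patched_stub, sizeof patched_stub),
           first_difference(patched_stub, reference_stub, sizeof reference_stub));
    return 0;
}
```

A redirection at the entry is not proof of malice, since security products and compatibility layers patch the same functions, so a finding here is a lead to identify the module that owns the jump target.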
poit
Posts: 4
Joined: Sun May 30, 2004 6:01 pm

Post by poit »

Hi,

I understand what you mean. Trojans and viruses use these methods too. Thanks for your reply Madshi.

Grtz Poit