
Hiding process

Name: Anonymous 2010-12-13 16:41

What is the best way to hide a process on Windows?

So far my "application" injects itself into notepad.exe or paint.exe if one of them is running (by obtaining the PID, then using WriteProcessMemory), but now I'm looking for a better method.

Name: Anonymous 2010-12-13 16:43

You don't. Otherwise the OS can't see what it's managing.

Name: Anonymous 2010-12-13 16:51

>>1
There are hundreds of ways of doing this. Look into ring3 and ring0 rootkits. Ring3 ones just hook APIs, while ring0 ones either hook the SSDT or manipulate system structures and install all kinds of hooks to maintain invisibility. In more extreme cases, the entire system can be virtualized if the CPU supports some native form of virtualization.

If you just want to hide a process from another application, either obscure it somehow or use one of the off-the-shelf rootkits, which work well enough if it's for your own personal usage (on your own computer that you control).

If those are not suitable enough for you, you can always just inject a DLL, or map your code into another process and start a remote thread, effectively running two processes within one. (What is a process? Just a bunch of threads, a shared memory space, handles and some global process properties.)

Name: Anonymous 2010-12-13 16:51

Inject your code into an OS-owned process, e.g. the Windows Session Manager (smss.exe).

Name: Anonymous 2010-12-13 16:57

>>3
Windows allows user apps to run shit in ring0? What the fuck.

Name: Anonymous 2010-12-13 16:59

>>5
In OS driver mode only, or through an exploit. I saw a Counter-Strike: Source ring0 aimbot a while ago, pretty hardcore stuff.

Name: Anonymous 2010-12-13 17:40

>>5
Of course not, but just like in any OS, if you have SYSTEM or root privileges, you can load drivers or other kinds of loadable kernel modules. I don't see a problem with this. I actually see a problem with Microsoft trying to make signing drivers mandatory for NT 6 (Vista, Win7) and their anti-kernel-hooking code called PatchGuard. However, in reality those measures only affect AV companies, and most users that care about those things just disable mandatory driver signature checking and/or hack PatchGuard themselves to get the same level of control you had with NT5. Malware writers were also not very bothered by signed drivers and PatchGuard: their ways of bypassing it included hooking the bootloader and hiding themselves even before Windows is started (and/or hooking into the system as it loads and disabling security measures that way), or in less evil ways by adding their own root CAs, or in a rather interesting recent twist, having their botnets collect private keys; sometimes they even manage to get keys from legitimate companies (Realtek lost some keys, last time I remember) and then just sign their drivers with those stolen keys. So in the end, the only losers here are some AV companies and some customers.

Name: Anonymous 2010-12-13 18:20

just name the process svchost.exe
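
Added example, not from the thread: a defender-side check for the trick in the post above, run over a constructed process snapshot. It assumes a stock install where the genuine svchost.exe image lives under C:\Windows\System32 or SysWOW64 and is started by services.exe; the snapshot, PIDs and paths are made up.

```python
"""Flag processes masquerading as svchost.exe (added example, not from the thread).

Assumptions: the genuine svchost.exe image lives in the System32 or SysWOW64
directory and its parent is services.exe; the snapshot below is constructed.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    path: str         # full image path as reported by the OS
    parent_name: str  # image name of the parent process


# PureWindowsPath compares case-insensitively, so mixed-case paths still match.
TRUSTED_DIRS = {PureWindowsPath(r"C:\Windows\System32"), PureWindowsPath(r"C:\Windows\SysWOW64")}
TRUSTED_PARENTS = {"services.exe"}


def masquerade_reasons(p: Proc) -> list[str]:
    """Reasons a process named svchost.exe looks fake; an empty list means it passed."""
    if p.name.lower() != "svchost.exe":
        return []
    reasons = []
    if PureWindowsPath(p.path).parent not in TRUSTED_DIRS:
        reasons.append(f"image outside System32/SysWOW64: {p.path}")
    if p.parent_name.lower() not in TRUSTED_PARENTS:
        reasons.append(f"unexpected parent: {p.parent_name}")
    return reasons


def find_masquerades(procs: list[Proc]) -> dict[int, list[str]]:
    """Map pid -> reasons for every svchost.exe that fails a check."""
    return {p.pid: r for p in procs if (r := masquerade_reasons(p))}


# Constructed snapshot; on a live host feed this from Win32_Process or psutil.
SNAPSHOT = [
    Proc(824, "svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe"),
    Proc(4120, "svchost.exe", r"C:\Users\bob\AppData\Local\Temp\svchost.exe", "explorer.exe"),
    Proc(5136, "SVCHOST.EXE", r"C:\Windows\System32\svchost.exe", "cmd.exe"),
    Proc(2200, "notepad.exe", r"C:\Windows\System32\notepad.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, reasons in find_masquerades(SNAPSHOT).items():
        print(f"pid {pid}: " + "; ".join(reasons))
```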

Name: Anonymous 2010-12-13 21:14

>>7
Realtek's key was obtained through humans.

Name: Anonymous 2010-12-13 22:09

>>7,9
Stuxnet used Realtek's stolen keys too.

Name: Anonymous 2010-12-13 22:10

>>8
I don't permit svchost.exe processes on my computer.

Name: Anonymous 2010-12-13 23:32

How do I insert a penis into a woman without her noticing?

tldr: How do I root a woman?

Name: Anonymous 2010-12-13 23:42

Don't mind me. Just testing the image board paladin bot I wrote.

Back to /b/ please.

Name: Anonymous 2010-12-13 23:42

>>13
Fuck off, ``Faggot''.

Name: ​​ 2010-12-13 23:57

>>14
Forgot your sage, you can have one of mine. Just this once though.

Name: Anonymous 2010-12-14 0:00

>>15
Thanks for reminding me.

Name: Anonymous 2010-12-14 0:01

polecat kebabs

Name: Anonymous 2010-12-14 0:01

>>17
Fuck off, ``faggot''.

Name: Anonymous 2011-02-03 6:43
