Jump to content

Vb: Hide/mask A Process


Recommended Posts

I wondered if there was anyway to create a program that will hide a process, I have an .exe I didnt create so its compiled and I wondered if there was any way to hide the .exe from the process list so it cant be monitored? Anyway to hide a external .exe from process list?

thx for any help

mike

Link to comment
Share on other sites


I wondered if there was anyway to create a program that will hide a process, I have an .exe I didnt create so its compiled and I wondered if there was any way to hide the .exe from the process list so it cant be monitored? Anyway to hide a external .exe from process list?

On 9x based system this can be done with simple API call (see article at Borland.com). I think it is quite impossible to do this in "normal way" for NT based systems.

Link to comment
Share on other sites

yes there is a way to do it with RegisterServiceProcess API but this only works on 9x as you stated and the following error on NT based: Cant find Dll entry point.

My friend is testing a process scanner to check what programs are running and he said if anything is run it will be picked up, I said if the process is hidden then it wont be found by his scanner which is what im trying to do.

I got some code which will hide the process and rename them to different process names such as explorer etc, I have being trying to change this so it will hide an external exe, Ive attached it if anyone wants a look.

thx for any help

mike

icanhide.zip

Link to comment
Share on other sites

It is not possible to hide process under NT. This is for security reasons, and why MS removed this function from API. Have you tried running the exe as a service via srvany.exe from NT resource kit? The srvany exe will show up in the process list, but not the target exe.

Link to comment
Share on other sites

Your "icanhide" code is very clever, also kinda scary. It looks like it renames a program that is known to always be running (explorer) to the generic "svchost", then disguises itself as explorer. It looks like it wouldn't be too hard to modify this code to hide not only the icanhide program itself, but to find the next running process, also disguise it as svchost and then hide another external process specified in the icanhide code. (or just hide the external target as svchost)

It also looks like this will only hide things from task manager, not a custom scanner.

Any way you do it you have "something" running in the task manager. Don't think it's possible to completely hide, only disguise.

It is well that it is so hard to do this, or virus writers would have used it to render Windows completely unusable.

Link to comment
Share on other sites

  • 1 month later...
  • 1 year later...
is there anyway to do that using vb .net?
Probably impossible. First of all, it's VB, which isn't really a language for low-level systems programming. Secondly, it's .NET, which imposes more restrictions on the execution environment.

Rootkits are coded in C/Asm, even sometimes Delphi, but never in .NET

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...