Atleast it might hide my detected bot in games
or this method might not work.
--edit
oh its still detected with this method.
hide Process code, good !
-
Andreas Hoetker
- New User
- Posts: 1
- Joined: Mon Jan 29, 2007 9:14 am
- Location: Germany
Mmmh...
I realy think, Ishould say some things by now:
At end7 -> When you are coppying code from a japanese site, pleaae try a little to understand, what you are doing - I think, you don't.
First of all: CloseHandle doesn't close a handle, which is opened by Zw...
Then: The last entry in the list which you are changing, doesen't point to the next entry, but to the end of the list. So HideHook(0) can lead to hard (BSOD) crashes in kernel!
I'm not progging in PB at all, but your way to create a unicode string is very horrible.
Im not sure at all, but it seems that there is an unfixed bug in Windows, which under some conditions could lead to system crashes or hanging programs when opening a security descriptor for writing or reading - I've had this problem several times, and I fixed it by changing priority of my own thread to a lower level.
On Windows2003 Microsoft has changed Security - so you have do write a driver to hide a process. On Vista, it will be so, too.
But - WHY do you wan't do hide a process at all? By my own I know eight methods to find those "hidden" processes - and I'm surely not the best progger in the world
. By "hiding" yourself, you only show the world "here I am, just kill me, I'm malware".
You could use this method (directly write to kernelspace in usermode) for many interesting thing - why use it for writing RootKits ore malware? That's stupid! Look at Sony!!!
I realy think, Ishould say some things by now:
At end7 -> When you are coppying code from a japanese site, pleaae try a little to understand, what you are doing - I think, you don't.
First of all: CloseHandle doesn't close a handle, which is opened by Zw...
Then: The last entry in the list which you are changing, doesen't point to the next entry, but to the end of the list. So HideHook(0) can lead to hard (BSOD) crashes in kernel!
I'm not progging in PB at all, but your way to create a unicode string is very horrible.
Im not sure at all, but it seems that there is an unfixed bug in Windows, which under some conditions could lead to system crashes or hanging programs when opening a security descriptor for writing or reading - I've had this problem several times, and I fixed it by changing priority of my own thread to a lower level.
On Windows2003 Microsoft has changed Security - so you have do write a driver to hide a process. On Vista, it will be so, too.
But - WHY do you wan't do hide a process at all? By my own I know eight methods to find those "hidden" processes - and I'm surely not the best progger in the world
. By "hiding" yourself, you only show the world "here I am, just kill me, I'm malware".You could use this method (directly write to kernelspace in usermode) for many interesting thing - why use it for writing RootKits ore malware? That's stupid! Look at Sony!!!
-
Fluid Byte
- Addict
- Posts: 2336
- Joined: Fri Jul 21, 2006 4:41 am
- Location: Berlin, Germany
omg, here has some peoples with skepticism.
but most peoples are Astute and its good.
I asked a question, but you say Interesting.
wath is passed on your mind? you don't must be insult to other user.
you think that all peoples are subversive and you are a goodman.
if don't know a thing, please ask it befor open your throat.
I'm newbie and its pragmatism that i be interests to things that befor i don't see there.
Rook make mistake with you.
but most peoples are Astute and its good.
I asked a question, but you say Interesting.
wath is passed on your mind? you don't must be insult to other user.
you think that all peoples are subversive and you are a goodman.
if don't know a thing, please ask it befor open your throat.
I'm newbie and its pragmatism that i be interests to things that befor i don't see there.
Rook make mistake with you.