Posted: Wed Jan 24, 2007 1:44 pm
by JCV
Looks useful for me. :D
At least it might hide my detected bot in games :lol:
or this method might not work.

--edit

Oh, it's still detected with this method. :lol:

Posted: Wed Jan 24, 2007 5:05 pm
by SFSxOI
What if you hide the game itself? ;)

Posted: Thu Jan 25, 2007 2:18 am
by JCV
I don't think it will work. :(
The game uses a 3rd-party protection like GameGuard.
The only way is unhooking it or killing the created thread that monitors detection.

Posted: Thu Jan 25, 2007 2:24 am
by SFSxOI
Hide the thread? :)

Just guessing. I don't have any use for this really but I got curious about it.

For GameGuard, I think you have to do a system-wide hook first.

Posted: Mon Jan 29, 2007 9:53 am
by Andreas Hoetker
Mmmh...

I really think I should say some things by now:
At end7 -> When you are copying code from a Japanese site, please try a little to understand what you are doing - I think you don't.
First of all: CloseHandle doesn't close a handle which is opened by Zw...
Then: The last entry in the list which you are changing doesn't point to the next entry, but to the end of the list. So HideHook(0) can lead to hard (BSOD) crashes in kernel!

I'm not progging in PB at all, but your way to create a Unicode string is very horrible. :D

I'm not sure at all, but it seems that there is an unfixed bug in Windows, which under some conditions could lead to system crashes or hanging programs when opening a security descriptor for writing or reading - I've had this problem several times, and I fixed it by changing the priority of my own thread to a lower level.

On Windows 2003 Microsoft has changed security - so you have to write a driver to hide a process. On Vista, it will be so, too.

But - WHY do you want to hide a process at all? On my own I know eight methods to find those "hidden" processes - and I'm surely not the best progger in the world :wink: . By "hiding" yourself, you only show the world "here I am, just kill me, I'm malware".

You could use this method (directly write to kernelspace in usermode) for many interesting things - why use it for writing rootkits or malware? That's stupid! Look at Sony!!!

Posted: Fri Aug 29, 2008 5:34 pm
by Alireza
Is there code for Vista?
This code works well on XP SP2 but can't hide a process in Vista.

Posted: Fri Aug 29, 2008 5:42 pm
by Fluid Byte
I say what Rook said: Interesting .....

Posted: Sat Aug 30, 2008 6:13 am
by Alireza
OMG, there are some people here with skepticism.
But most people are astute, and that's good.
I asked a question, but you say "Interesting".
What passed through your mind? You must not insult other users.
You think that all people are subversive and you are a good man.
If you don't know a thing, please ask before you open your throat.

I'm a newbie, and it's pragmatism that I am interested in things that I haven't seen before.
Rook made a mistake with you. :twisted: