extreme
Feb 13 2005, 06:18 PM
Does anyone have the source code of Ghost, made by Illmob...
It is a tool that hides execution of GUI programs..
It is the best of all hiderun programs I've tested, but unfortunately it is treated by KAV as a keylogger?!??!... Possibly by other AVs as well...
So I need a source to make it undetected..
ComSec
Feb 13 2005, 06:33 PM
why not just send a PM to illwill and ask him for it ?
if he has released the source then I'm sure he will help... if it's not released then I don't think he will be happy with you asking members for his source if it's private ??
illwill
Feb 13 2005, 08:58 PM
.386
.model flat, stdcall
option casemap :none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\shell32.inc
include \masm32\include\masm32.inc

;| Libraries:
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\masm32.lib

.DATA
    commandLine dd 0                                    ; pointer returned by GetCommandLine
    szName      db "GhostExe 1.0 - by: illwill",13,10,0 ; banner
    szDone      db " was executed.",13,10,0             ; suffix appended to the target name
    cmd         db "open",0                             ; ShellExecute verb

.DATA?
    ; GetCL is given no buffer size here, so the argument plus szDone must fit in 256 bytes
    szEXE       db 256 dup(?)

.CODE
start:
    invoke GetCommandLine
    mov commandLine, eax
    invoke GetCL, 1, addr szEXE                         ; copy first command-line argument into szEXE
    invoke ShellExecute,0,addr cmd, addr szEXE,0,0, SW_HIDE ; launch it with its window hidden
    ;invoke WinExec, addr szEXE, SW_HIDE                ; either way works
    invoke lstrcat,addr szEXE,addr szDone               ; build "<target> was executed."
    invoke StdOut, addr szName
    invoke StdOut, addr szEXE
    invoke ExitProcess, 0
end start
extreme
Feb 13 2005, 09:16 PM
Thanks, was hoping it was made in C++, but I will manage.. Thanks again...
ComSec
Feb 13 2005, 10:38 PM
i love it when threads end on a sweet note
very good of you.... illwill.... nice one
gman24
Feb 14 2005, 11:15 PM
QUOTE
thanks, was hoping it was made in C++
You can write the same code in C++ if you want, it's an api call.
something probably like this:
(you don't need all these headers, just included them as standard. Has printf and the like.)
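    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>

    int main(int argc, char *argv[])
    {
        /* argv[1] is the program to launch; stop if it was not supplied */
        if (argc < 2) {
            printf("usage: %s <program>\n", argv[0]);
            return 1;
        }
        /* ANSI variant because argv is char*; SW_HIDE starts it with no visible window */
        ShellExecuteA(0, "open", argv[1], NULL, NULL, SW_HIDE);
        return 0;
    }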
illwill
Feb 16 2005, 04:14 AM
yea u just need it to get the commandline argument
extreme
Feb 16 2005, 02:42 PM
BTW, Illwill, is it legal for KAV and other AV companies to mark this program as Keylogger ???
That is very irresponsible of them..
illwill
Feb 17 2005, 12:27 AM
they can name it whatever they want.. but it's their bad for calling it something it's not