How to hide processes
Processes can be hidden in both Windows (from the Ctrl+alt+delete menu) and Linux (from ps and top).
In windows:
Programs listed as services are not shown up. Prog to hide programs you have not written
Example Borland c code:
//--------------HiddenApp.cpp--------------
#include
#pragma hdrstop
USERES("HiddenApp.res");
USEFORM("Unit1.cpp",Form1);
typedef DWORD (WINAPI *TRegisterServiceProcess)(DWORD,DWORD);
bool registered=false;
//-----------------------------------------------------------------------
void __fastcall reg(bool which) //true=register, false=unregister
{
HMODULE hmod;
TRegisterServiceProcess pReg;
hmod = LoadLibrary("kernel32.dll");
if (!hmod) return;
(FARPROC)pReg = (FARPROC)::GetProcAddress(hmod,"RegisterServiceProcess");
if (!pReg) {FreeLibrary(hmod); return;}
else
{
if (which)
pReg(0,1); //unregister our process
else
pReg(0,0);
}
registered = true;
FreeLibrary(hmod);
}
//-----------------------------------------------------------------------
WINAPI WinMain(HINSTANCE,HINSTANCE,LPSTR,int)
{
try
{
reg(true);
Application->Initialize();
Application->CreateForm(__classid(TForm1), &Form1);
Application->Run();
}
catch (Exception &exception)
{
Application->ShowException(&exception);
}
if (registered) reg(false);
return 0;
}
//--------------eof--------------------------------------------------------
Example delphi code:
unit Unit1;
Interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
StdCtrls;
type
TForm1 = class (TForm)
Button1 : TButton;
procedure FormDestroy (Sender: TObject);
procedure FormCreate (Sender: TObject);
private
{ private declarations }
public
{ public declarations }
end;
var
Form1 : TForm1;
implementation
{$R *.DFM}
const
RSPSIMPLESERVICE = 1;
RSPUNREGISTERSERVICE = 0;
function RegisterServiceProcess (dwProcessID, dwType: DWord) : DWord;
stdcall; external 'KERNEL32.DLL';
procedure TForm1.FormDestroy (Sender: TObject);
begin
RegisterServiceProcess (GetCurrentProcessID, RSPUNREGISTERSERVICE)
end;
procedure TForm1.FormCreate (Sender: TObject);
begin
RegisterServiceProcess (GetCurrentProcessID, RSPSIMPLESERVICE)
end;
end.
Linux process hiding:
Hiding from logs (Although i see few legal situations where you would need to hide a process you ran). You can change the name of a process so it looks like another process. eg (From Phrack);
#include
#include
int main(argc, argv)
int argc;
char **argv;
{
char *p;
for (p = argv[0]; *p; p++)
*p = 0;
strcpy(argv[0], "rn");
(void) getchar (); /* to allow you to see that ps reports "rn" */
return(0);
}
"Basically, this program waits for a key-stroke and then exits. But, while it's waiting, if you were to lookup the process it would show the name as being "rn". You're just actually re-writing the argument list of the spawned process. This is a good method of hiding your process or program names. Its a good idea to use this method in any "rogue" programs you might not want to be discovered by a system administrator."
Full Version: How To Hide Processes
in win2000/xp is it not working
only workin on 95,98,me
mfg mcq
only workin on 95,98,me
mfg mcq
noob here... o/
can u give me an example to run a progy ( unix)
like pico...wget "http://forums.governmentsecurity.org/index.php"
thx
can u give me an example to run a progy ( unix)
like pico...wget "http://forums.governmentsecurity.org/index.php"
thx
dude can you post a full and working code that works through DOS?
| QUOTE (mcq @ Oct 25 2003, 04:41 PM) |
| in win2000/xp is it not working only workin on 95,98,me mfg mcq |
test it while you rename
| CODE |
hmod = LoadLibrary("kernel32.dll"); |
into
| CODE |
hmod = LoadLibrary("KERNEL32.dll"); |
it is case sensitive
I don't know why, but it is !
//Sry 4 my bad english
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
