
Hiding Processes - Tried SSDT not able to perform


ronnie291983
June 9th, 2010, 01:22
Hi,

Had a question about hiding processes:

I have tried

SSDT hooking - Anti-virus deletes the sys file

The other thing I am thinking about is to open a process (explorer.exe) in debugging mode, allocate memory remotely (inject my code) and then do a CreateRemoteThread. Will this work?

Is there any other way of hiding the process?

Indy
June 9th, 2010, 09:35
The process is a pipeline for threads. Accordingly, the process can be found at any time based on the thread. It is impossible to hide. Hiding from antivirus is possible - they are too primitive.

disavowed
June 9th, 2010, 11:01
What is your reason for wanting to hide the process?

ronnie291983
June 13th, 2010, 00:53
We were writing software for parental control, so some processes and files need to be hidden so that closing it doesn't become child's play.

evaluator
June 13th, 2010, 03:22
disavowed, I thought we already discovered 4U universal reason for doing whatsoever:

>>for christmas sake<<

Indy
June 13th, 2010, 16:54
While the flow is admitted for execution on the processor, he can not control himself. At this time the process is the environment, such as keep the page table, etc. For this you can easily perform detective - such as install ISR and out to the process list.

disavowed
June 13th, 2010, 18:43
Since your goal is to prevent process termination, not to necessarily hide your process, I would recommend preventing process termination as opposed to trying to hide your process.

evaluator, that's why I asked the question I asked.

Elenil
June 17th, 2010, 15:29
Quote:
[Originally Posted by ronnie291983;86885]We were writing software for parental control, so some processes and files need to be hidden so that closing it doesn't become child's play.

sounds anti cheat = software protection
no CR3 thread/process can't be hidden