Hi,

Had a question abt hiding processes:

i have tried

SSDT hooking - Anti-virus deletes the sys file

the other thing i am thinking abt is open a process (explorer.exe) in debugging mode and allocate memory remotely (inject my code ) and then do a createremotethread. will this work?

Is there any way other of hiding the process?

The process is a pipeline for threads. Accordingly, the process can be found at any time based on the thread. It is impossible to hide. From antivirus possible - they are too primitive.

What is your reason for wanting to hide the process?

we were writing a software for parental control, so some processes and files needs to be hidden so that closing it doesn't become a child's play

disavowed, i thought, we already discovered 4U universal reason for doing whatsoever:

>>for christmas sake<<

While the flow is admitted for execution on the processor, he can not control himself. At this time the process is the environment, such as keep the page table, etc. For this you can easily perform detective - such as install ISR and out to the process list.

Since your goal is to prevent process termination, not to necessarily hide your process, I would recommend preventing process termination as opposed to trying to hide your process.

evaluator, that's why I asked the question I asked.

sounds anti cheat = software protection
no CR3 thread/process cant be hidden