Is there any way to see so-called "invisible processes" on your comp? These are obviously processes that do not want to be seen.

I just wish there was a way to see all processes regardless of how cleverly they are trying to hide themselves.

I was thinking with Kernel mode softice.

Howdy,

sysinternals.com

Woodmann

Processes per se should not be able to hide (if they don't manage to install ring 0 code or patch the kernel), but the usual ways to hide running code is to inject the code (e.g. through dll injection) as a new thread into an existing process. This can be very hard to detect, and the only reasonable way I can think of is to authenticate all dll:s used by processes (and that would still not be enough if the code is injected directly into the memory space of the target process without injecting a dll, in that case I guess the only way is to monitor all suspicious operations that write data to the memory of other processes, which is even harder).

Hiya

I posted something in response to this, might be interestin', might not

http://www.woodmann.com/forum/showthread.php?t=5547

Thank you.