Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
[Question] How to hide processes?

 
Cheat Engine Forum Index -> General programming
assaf84
Expert Cheater
Reputation: 0

Joined: 03 Oct 2006
Posts: 238

Posted: Sat Sep 08, 2007 12:48 pm    Post subject: [Question] How to hide processes?

Does someone know how to hide your process? Like GameGuard does?
Or what things do I need to do in order to do so?
appalsap
Moderator
Reputation: 0

Joined: 27 Apr 2006
Posts: 6753
Location: Pakistan

Posted: Sat Sep 08, 2007 12:52 pm

DKOM, but it's a lot of work because

1. you have to take into account changes between os versions, service packs, even builds

2. you need to load a driver, which means you need administrator privileges and you will run into complications on xp64+ with driver signing, kernel patch protection etc

Just don't do it, there is never a good reason to hide a process.
the_undead
Expert Cheater
Reputation: 1

Joined: 12 Nov 2006
Posts: 235
Location: Johannesburg, South Africa

Posted: Sat Sep 08, 2007 1:04 pm

DKOM is NOT the only way to do it. You can hook ZwQuerySystemInformation but that's easily undone and detected.

Last edited by the_undead on Sat Sep 08, 2007 1:05 pm; edited 1 time in total
appalsap
Moderator
Reputation: 0

Joined: 27 Apr 2006
Posts: 6753
Location: Pakistan

Posted: Sat Sep 08, 2007 1:05 pm

hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with 
hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks conflict with hooks~
the_undead
Expert Cheater
Reputation: 1

Joined: 12 Nov 2006
Posts: 235
Location: Johannesburg, South Africa

Posted: Sat Sep 08, 2007 1:07 pm

He wanted to know methods of accomplishing his goal. Not their various pros and cons.
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1887
Location: Canada

Posted: Sun Sep 09, 2007 3:52 pm

DKOM leaves the process vulnerable to memory scanners.

A combination of DKOM + Shadow Walker = win.

I am still trying to figure out how to do the Shadow Walker part.
http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-sparks-butler.pdf

Scroll down to "Introducing Shadow Walker: Prototype for a 4th generation rootkit?" on page 18.

If anybody knows how to achieve this can they PM me?
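Added example, not part of any post in this thread and not code from any tool mentioned here: the memory-scanner point in the post above, seen from the detection side. A record that has been unlinked from a process list is skipped by anything that walks the list, but a signature scan over the raw bytes still finds it, so comparing the two views exposes it. The record layout, the `Proc` tag, the offsets and the process names are all constructed for this example and are not the real EPROCESS layout.

```python
import struct

# Constructed record layout for illustration only; it is NOT the real EPROCESS layout.
REC = struct.Struct("<4sIII16s")  # tag, pid, flink, blink, name
TAG = b"Proc"

def build_image(procs, hidden=()):
    """Constructed sample image: a list head at offset 0 plus one record per process.
    PIDs in `hidden` exist in the image but are absent from the linked list."""
    offs = {pid: 0x40 + i * 0x30 for i, (pid, _) in enumerate(procs)}
    linked = [0] + [offs[pid] for pid, _ in procs if pid not in hidden]
    nxt = {o: linked[(i + 1) % len(linked)] for i, o in enumerate(linked)}
    prv = {o: linked[i - 1] for i, o in enumerate(linked)}
    img = bytearray(0x40 + len(procs) * 0x30)
    REC.pack_into(img, 0, b"Head", 0, nxt[0], prv[0], b"")
    for pid, name in procs:
        o = offs[pid]
        REC.pack_into(img, o, TAG, pid, nxt.get(o, o), prv.get(o, o), name.encode())
    return bytes(img)

def walk_list(img):
    """View 1: follow forward links from the head, like a list-based enumeration."""
    pids, visited, off = {}, set(), REC.unpack_from(img, 0)[2]
    while off != 0 and off not in visited and off + REC.size <= len(img):
        visited.add(off)
        _, pid, flink, _, name = REC.unpack_from(img, off)
        pids[pid] = name.rstrip(b"\0").decode()
        off = flink
    return pids

def scan_records(img):
    """View 2: signature scan of the raw bytes, ignoring the links entirely."""
    found, pos = {}, img.find(TAG)
    while pos != -1:
        if pos + REC.size <= len(img):
            _, pid, _, _, name = REC.unpack_from(img, pos)
            raw = name.rstrip(b"\0")
            # Plausibility filter so a stray "Proc" inside other data is not reported.
            if pid and raw and all(32 <= b < 127 for b in raw):
                found[pid] = (pos, raw.decode())
        pos = img.find(TAG, pos + 1)
    return found

def cross_view(img):
    """Report records the scan finds that the list walk never reaches."""
    listed = walk_list(img)
    return [(pid, name, hex(off))
            for pid, (off, name) in sorted(scan_records(img).items())
            if pid not in listed]

# Constructed sample data.
SAMPLE = [(4, "System"), (368, "smss.exe"), (1204, "explorer.exe"), (2280, "hidden.exe")]

if __name__ == "__main__":
    for pid, name, off in cross_view(build_image(SAMPLE, hidden={2280})):
        print(f"pid {pid} ({name}) at {off}: found by scan, missing from list walk")
```
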
ups2000ups
I post too much
Reputation: 0

Joined: 31 Jul 2006
Posts: 2471

Posted: Tue Sep 11, 2007 5:36 am

I know how to hide a process oO well not totally but anyway for windows process list + taskbar + and the last place when you click ctrl+alt+del (don't know the name -.-)
_________________
dont complain about my english...
1*1 = 2?
--Pillboi--
Grandmaster Cheater Supreme
Reputation: 0

Joined: 06 Mar 2007
Posts: 1383
Location: I don't understand the question. Is this a 1 to 10 thing?

Posted: Tue Sep 11, 2007 10:06 am

TT(n) at CodeGuru Forums wrote:
Add a ListView, and Timer(component 2003) to a form with no name.
Set the "HiddenProcess" string below to your process name.
Code:
Public Class Form1
    Inherits System.Windows.Forms.Form

#Region " Windows Form Designer generated code "

    Public Sub New()
        MyBase.New()

        'This call is required by the Windows Form Designer.
        InitializeComponent()

        'Add any initialization after the InitializeComponent() call

    End Sub

    'Form overrides dispose to clean up the component list.
    Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
        If disposing Then
            If Not (components Is Nothing) Then
                components.Dispose()
            End If
        End If
        MyBase.Dispose(disposing)
    End Sub

    'Required by the Windows Form Designer
    Private components As System.ComponentModel.IContainer

    'NOTE: The following procedure is required by the Windows Form Designer
    'It can be modified using the Windows Form Designer. 
    'Do not modify it using the code editor.
    Friend WithEvents Timer1 As System.Timers.Timer
    Friend WithEvents ListView1 As System.Windows.Forms.ListView
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
        Me.Timer1 = New System.Timers.Timer
        Me.ListView1 = New System.Windows.Forms.ListView
        CType(Me.Timer1, System.ComponentModel.ISupportInitialize).BeginInit()
        Me.SuspendLayout()
        '
        'Timer1
        '
        Me.Timer1.Interval = 500
        Me.Timer1.SynchronizingObject = Me
        '
        'ListView1
        '
        Me.ListView1.Location = New System.Drawing.Point(8, 8)
        Me.ListView1.Name = "ListView1"
        Me.ListView1.Size = New System.Drawing.Size(352, 464)
        Me.ListView1.TabIndex = 0
        '
        'Form1
        '
        Me.AutoScaleBaseSize = New System.Drawing.Size(5, 13)
        Me.ClientSize = New System.Drawing.Size(400, 526)
        Me.Controls.Add(Me.ListView1)
        Me.Name = "Form1"
        Me.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen
        CType(Me.Timer1, System.ComponentModel.ISupportInitialize).EndInit()
        Me.ResumeLayout(False)

    End Sub

#End Region
    Const WM_COMMAND As Int32 = &H111
    Const MF_ENABLED As Int32 = &H0
    Const MF_GRAYED As Int32 = &H1
    Const LVM_FIRST As Int32 = &H1000
    Const LVM_DELETEITEM As Int32 = (LVM_FIRST + 8)
    Const LVM_SORTITEMS As Int32 = (LVM_FIRST + 48)
    Public Declare Function apiFindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Int32
    Public Declare Function apiFindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Int32, ByVal hWnd2 As Int32, ByVal lpsz1 As String, ByVal lpsz2 As String) As Int32
    Public Declare Function apiEnableWindow Lib "user32" Alias "EnableWindow" (ByVal hwnd As Int32, ByVal fEnable As Int32) As Boolean
    Public Declare Function apiGetMenu Lib "user32" Alias "GetMenu" (ByVal hwnd As Int32) As Int32
    Public Declare Function apiGetSubMenu Lib "user32" Alias "GetSubMenu" (ByVal hMenu As Int32, ByVal nPos As Int32) As int32
    Public Declare Function apiGetMenuState Lib "user32" Alias "GetMenuState" (ByVal hMenu As Int32, ByVal wID As Int32, ByVal wFlags As Int32) As Int32
    Public Declare Function apiGetMenuItemID Lib "user32" Alias "GetMenuItemID" (ByVal hMenu As Int32, ByVal nPos As Int32) As Int32
    Public Declare Function apiEnableMenuItem Lib "user32" Alias "EnableMenuItem" (ByVal hMenu As Int32, ByVal wIDEnableItem As Int32, ByVal wEnable As Int32) As Int32
    Public Declare Function apiSendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Int32, ByVal wMsg As Int32, ByVal wParam As Int32, ByVal lParam As String) As Int32
    Public Declare Function apiGetDesktopWindow Lib "user32" Alias "GetDesktopWindow" () As Int32
    Public Declare Function apiLockWindowUpdate Lib "user32" Alias "LockWindowUpdate" (ByVal hwndLock As Int32) As Int32
    Dim i As Int32 'For iterating through task manager windows

    Dim HiddenProcessName As String = "HideProcess"  'Set this name to match the process name of your application.

    Public Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Me.Text = HiddenProcessName 'Set form name to match process name given
        Me.ShowInTaskbar = False 'hide application from taskbar
        Timer1.Interval = 700 'Set to start fast
        Timer1.Enabled = True 'Actually start the timer
        ListView1.View = View.Details
        ListView1.Columns.Add("Process name", -2, HorizontalAlignment.Left)
        ListView1.Sorting = SortOrder.Ascending 'So that the list view automatically sorts the entries for us.
        'Me.Hide()  'uncomment when ready to terminate this program elsehow.
    End Sub

    Private Sub Timer1_Elapsed(ByVal sender As System.Object, ByVal e As System.Timers.ElapsedEventArgs) Handles Timer1.Elapsed

        Dim lhWndParent As Int32 = apiFindWindow(Nothing, "Windows Task Manager") 'get handle to the task manager

        'Declare some handles
        Dim lhWndDialog As Int32 = 0
        Dim lhWndEndTaskButton As Int32 = 0
        Dim lhWndEndProcessButton As Int32 = 0
        Dim lhWndProcessList As Int32 = 0
        Dim lhWndProcessHeader As Int32 = 0
        Dim lhWndTaskList As Int32 = 0
        Dim lhWndTaskHeader As Int32 = 0
        Dim ProcessItemCount As Int32 = 0
        Dim ProcessItemIndex As Int32 = 0
        Dim TaskItemCount As Int32 = 0
        Dim TaskItemIndex As Int32 = 0
        Dim hMenu As Int32 = apiGetMenu(lhWndParent) 'get its menu handle
        Dim hSubMenu As Int32 = apiGetSubMenu(hMenu, 2) 'get its submenu handle for "View"
        Dim hSubSubMenu As Int32 = apiGetSubMenu(hSubMenu, 1) 'get its subsub menu handle for "update speed"
        Dim hId1 As Int32 = apiGetMenuItemID(hSubMenu, 0) 'Get id for "refresh now" item
        Dim hId2 As Int32 = apiGetMenuItemID(hSubSubMenu, 0) 'Get id for "high update speed" item
        Dim hId3 As Int32 = apiGetMenuItemID(hSubSubMenu, 1) 'Get id for "normal update speed" item
        Dim hId4 As Int32 = apiGetMenuItemID(hSubSubMenu, 2) 'Get id for "low update speed" item
        Dim hId5 As Int32 = apiGetMenuItemID(hSubSubMenu, 3) 'Get id for "paused update speed" item

        For i = 1 To 7
            'Loop through all seven child windows, for handles to the listviews, buttons, and header
            lhWndDialog = apiFindWindowEx(lhWndParent, lhWndDialog, Nothing, Nothing)
            If lhWndTaskList = 0 Then lhWndTaskList = apiFindWindowEx(lhWndDialog, 0, "SysListView32", "Tasks")
            If lhWndTaskHeader = 0 Then lhWndTaskHeader = apiFindWindowEx(lhWndTaskList, 0, "SysHeader32", Nothing)
            If lhWndEndTaskButton = 0 Then lhWndEndTaskButton = apiFindWindowEx(lhWndDialog, lhWndTaskList, "Button", "&End Task")
            If lhWndProcessList = 0 Then lhWndProcessList = apiFindWindowEx(lhWndDialog, 0, "SysListView32", "Processes")
            If lhWndProcessHeader = 0 Then lhWndProcessHeader = apiFindWindowEx(lhWndProcessList, 0, "SysHeader32", Nothing)
            If lhWndEndProcessButton = 0 Then lhWndEndProcessButton = apiFindWindowEx(lhWndDialog, lhWndProcessList, "Button", "&End Process")
        Next

        apiSendMessage(lhWndParent, WM_COMMAND, hId5, 0) 'Click "paused update speed", so we can do it for the taskmgr

        apiEnableMenuItem(hMenu, hId1, MF_GRAYED) 'disable refresh now item
        apiEnableMenuItem(hMenu, hId2, MF_GRAYED) 'disable high update speed
        apiEnableMenuItem(hMenu, hId3, MF_GRAYED) 'disable normal update speed
        apiEnableMenuItem(hMenu, hId4, MF_GRAYED) 'disable low update speed
        apiEnableMenuItem(hMenu, hId5, MF_GRAYED) 'disable paused update speed

        apiEnableWindow(lhWndProcessHeader, 0) 'Disable process header, so it cannot be resorted by user
        apiEnableWindow(lhWndTaskHeader, 0) 'Disable task header.  You could even disable the whole process list.

        'apiEnableWindow(lhWndEndProcessButton, 0) 'Disable the end task,   
        'apiEnableWindow(lhWndEndTaskButton, 0)'and end process buttons.  Optional.

        Dim Processes() As Process
        Dim p As Process
        Dim z As Int32
        Dim itemString As String

        'clear any old data that was on the list
        If Me.ListView1.Items.Count > 0 Then Me.ListView1.Items.Clear()

        Processes = Process.GetProcesses() 'Get processes

        'Count processes, and add them to the listview.
        For Each p In Processes
            ProcessItemCount += 1
            If p.ProcessName.ToString = "Idle" Then
                With Me.ListView1.Items.Add("System Idle Process")
                End With
            Else
                With Me.ListView1.Items.Add(p.ProcessName.ToString)
                End With
            End If
        Next p

        'Look for, the index of the process matching the string name of our caption then
        For z = 0 To ProcessItemCount - 1
            itemString = ListView1.Items.Item(z).Text.ToString()
            If itemString = HiddenProcessName Then ProcessItemIndex = z
        Next
        apiLockWindowUpdate(lhWndProcessList) 'Lock the window from updating, to reduce flashing.

        apiSendMessage(lhWndParent, WM_COMMAND, hId1, 0) 'AutoClick refresh to update, then immediately sort and delete.

        apiSendMessage(lhWndProcessList, LVM_SORTITEMS, 0, Nothing) ' Sort process items alphabetically

        apiSendMessage(lhWndProcessList, LVM_DELETEITEM, ProcessItemIndex, 0) 'Delete the  process,

        apiLockWindowUpdate(False) 'unlock that window

        If lhWndParent = 0 Then
            If Timer1.Interval <> 800 Then Timer1.Interval = 800 'Set to react fast while task manager is closed.
        Else
            If Timer1.Interval <> 2500 Then Timer1.Interval = 2500 'Set to a normal looking update speed, while the task manager remains open.
        End If
    End Sub

    Private Sub Form1_Closed(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.Closed
        Timer1.Enabled = False 'kill the timer

        'reset task manager for normal use.
        Dim lhWndParent As Int32 = apiFindWindow(Nothing, "Windows Task Manager") 'get handle to the task manager
        Dim lhWndDialog As Int32 = 0
        Dim lhWndEndTaskButton As Int32 = 0
        Dim lhWndEndProcessButton As Int32 = 0
        Dim lhWndProcessList As Int32 = 0
        Dim lhWndProcessHeader As Int32 = 0
        Dim lhWndTaskList As Int32 = 0
        Dim lhWndTaskHeader As Int32 = 0
        Dim hMenu As Int32 = apiGetMenu(lhWndParent) 'get its menu handle
        Dim hSubMenu As Int32 = apiGetSubMenu(hMenu, 2) 'get its submenu handle for "View"
        Dim hSubSubMenu As Int32 = apiGetSubMenu(hSubMenu, 1) 'get its subsub menu handle for "update speed"
        Dim hId1 As Int32 = apiGetMenuItemID(hSubMenu, 0) 'Get id for "refresh now" item
        Dim hId2 As Int32 = apiGetMenuItemID(hSubSubMenu, 0) 'Get id for "high update speed" item
        Dim hId3 As Int32 = apiGetMenuItemID(hSubSubMenu, 1) 'Get id for "normal update speed" item
        Dim hId4 As Int32 = apiGetMenuItemID(hSubSubMenu, 2) 'Get id for "low update speed" item
        Dim hId5 As Int32 = apiGetMenuItemID(hSubSubMenu, 3) 'Get id for "paused update speed" item

        For i = 1 To 7
            'Loop through all seven child windows, for handles to the listviews, buttons, and header
            lhWndDialog = apiFindWindowEx(lhWndParent, lhWndDialog, Nothing, Nothing)
            If lhWndTaskList = 0 Then lhWndTaskList = apiFindWindowEx(lhWndDialog, 0, "SysListView32", "Tasks")
            If lhWndTaskHeader = 0 Then lhWndTaskHeader = apiFindWindowEx(lhWndTaskList, 0, "SysHeader32", Nothing)
            If lhWndProcessList = 0 Then lhWndProcessList = apiFindWindowEx(lhWndDialog, 0, "SysListView32", "Processes")
            If lhWndProcessHeader = 0 Then lhWndProcessHeader = apiFindWindowEx(lhWndProcessList, 0, "SysHeader32", Nothing)
        Next

        apiEnableMenuItem(hMenu, hId1, MF_ENABLED) 're-enable refresh now
        apiEnableMenuItem(hMenu, hId2, MF_ENABLED) 're-enable high update speed
        apiEnableMenuItem(hMenu, hId3, MF_ENABLED) 're-enable normal update speed
        apiEnableMenuItem(hMenu, hId4, MF_ENABLED) 're-enable low update speed
        apiEnableMenuItem(hMenu, hId5, MF_ENABLED) 're-enable paused update speed
        apiSendMessage(lhWndParent, WM_COMMAND, hId3, 0) 'click normal update speed
        apiSendMessage(lhWndParent, WM_COMMAND, hId1, 0) 'click refresh now
        apiEnableWindow(lhWndProcessHeader, 1) 'Enable process header
        apiEnableWindow(lhWndTaskHeader, 1) 'Enable task header
    End Sub
End Class


OR http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=764&lngWId=7

;) No credit taken.

_________________

Enter darkness, leave the light, Here be nightmare, here be fright...
Earth and Water, Fire and Air. Prepare to meet a creature rare.
Enter now if you dare, Enter now the dragon's lair.
All times are GMT - 6 Hours