Invisible Processes - Why?

  • Thread starter: Adahn
Shurrup you :oP you can talk! Hehe!

--
Zack Whittaker
Microsoft Beta (Windows Server R2 Beta Mentor)
» ZackNET Enterprises: www.zacknet.co.uk
» MSBlog on ResDev: http://msblog.resdev.net
» ZackNET Forum: www.zacknet.co.uk/forum
» VistaBase: www.vistabase.co.uk
» This mailing is provided "as is" with no warranties, and confers no
rights. All opinions expressed are those of myself unless stated so, and not
of my employer, best friend, mother or cat. Let's be clear on that one!


--- Original message follows ---
 
Are you SURE it can be done?

I would love to see an example, you can sort of hide what your program is
doing by running it from rundll or svchost.

but as for HIDING a PID, I don't think this can be done, hiding from task
manager is not the same as hiding a process.

The root tool kit stuff was done by writing a device driver for the HD that
reported incorrect info back.

Steve
 
Alright, now that the spam barrage has abated, we may get to the issue at
hand, but I'd rather move the discussion to the Security forums, which is
where the original post should've been in the first place :( my bad!
 
I have been coding for years, from writing DOS apps in C/C++, Win 3 apps in
C/C++, Win32 Apps in C++ and now managed code, and a little VB :)

I really don't think you can create an invisible process, you can create an
invisible program (e.g. no window handle), but that's completely different. As I
said before, you could hide in another process, with RUNDLL.

Please, someone prove me wrong, I would love to see the code that would
make this happen.

Steve
 
I really don't think you can create an invisible process, you can create an
invisible program (e.g. no window handle), but that's completely different. As
I said before, you could hide in another process, with RUNDLL.

Please, someone prove me wrong, I would love to see the code that would
make this happen.

Check the game mentioned in the original post.

I wouldn't have noticed it myself until it crashed to desktop for some
reason, and said that an instance was already running when I tried to
restart it :x

Of course, no such instance was visible under Task Manager or tasklist, and
Process Explorer (www.sysinternals.com) couldn't even start; it just froze
up.

Now, this game makes it very clear that it's not going to let you have
anything to do with it outside of the game itself heh but the real question
is, how many other apps must be doing the same, hiding not just their
processes but any network connections they might make as well..?

Please respond in the identically named thread on the
microsoft.public.windows.vista.security forums :)
 
Just been reading up, you can write a kernel mode root kit that can hijack the
internal API that gives process lists / count.

Interesting stuff :)

You can also download it root tool kit tool, this will try to find out if you
have any root kits.

Ta
 