flat assembler
Message board for the users of flat assembler.

just out of interest...

mrblobles
Joined: 05 Apr 2007
Posts: 41
Is it possible to stop an application from showing up under the Processes tab in Task Manager?

_________________
pokemon on my iPod = awesome
Post 07 Jun 2007, 21:14
r22
Joined: 27 Dec 2004
Posts: 805
The task manager uses a List View 32 control to display the data so you'd just have to edit the memory that the control uses.

OpenProcess, ReadProcessMemory, WriteProcessMemory APIs.
FYI: if you try it, the process memory is Unicode, so instead of searching for "MyEvilHax0rProg.exe" you'd have to search for "M y E v i l H a x 0 r P r o g . e x e" (spaces = null char).

You might be able to use a subclassing hook like the SetWindowLong API.

For my personal enlightenment I coded something similar when I was first learning ASM; it renamed explorer.exe to svchost.exe and named my program explorer.exe.

Userland rootkits sometimes do this very naughty stuff.
Post 08 Jun 2007, 02:10
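
A defender's view of the approach r22 describes, as an added example that is not part of the original thread: WriteProcessMemory needs a handle carrying both PROCESS_VM_WRITE and PROCESS_VM_OPERATION, so process-access telemetry that records the granted mask shows which processes obtained a write-capable handle to Task Manager. The sample events are constructed and use Sysmon Event ID 10 field names; the allow-list and all file paths are assumptions.

```python
import ntpath

# Access-right bits from the Windows SDK (winnt.h).
RIGHTS = {
    "PROCESS_VM_OPERATION": 0x0008,
    "PROCESS_VM_READ": 0x0010,
    "PROCESS_VM_WRITE": 0x0020,
}
# WriteProcessMemory requires both of these rights on the target handle.
WRITE_MASK = RIGHTS["PROCESS_VM_WRITE"] | RIGHTS["PROCESS_VM_OPERATION"]

WATCHED_TARGETS = {"taskmgr.exe"}                     # process being monitored
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}  # assumption: site-specific allow-list

# Constructed sample records (not real telemetry), Sysmon Event ID 10 field names.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\Taskmgr.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Users\test\AppData\Local\Temp\tool.exe",
     "TargetImage": r"C:\Windows\System32\Taskmgr.exe", "GrantedAccess": "0x38"},
    {"SourceImage": r"C:\Program Files\Monitor\agent.exe",
     "TargetImage": r"C:\Windows\System32\Taskmgr.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Users\test\AppData\Local\Temp\tool.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x38"},
]

def decode_rights(mask):
    """Return the names of the memory-access rights set in a GrantedAccess mask."""
    return sorted(name for name, bit in RIGHTS.items() if mask & bit)

def find_write_capable_handles(events):
    """Return events where a non-allow-listed process got a write-capable handle to a watched target."""
    hits = []
    for ev in events:
        target = ntpath.basename(ev["TargetImage"]).lower()
        source = ev["SourceImage"].lower()
        mask = int(ev["GrantedAccess"], 16)
        if target not in WATCHED_TARGETS or source in ALLOWED_SOURCES:
            continue
        # Read-only handles (e.g. 0x1410) are skipped: they cannot alter the target's memory.
        if mask & WRITE_MASK == WRITE_MASK:
            hits.append({"source": ev["SourceImage"], "target": target,
                         "rights": decode_rights(mask)})
    return hits

if __name__ == "__main__":
    for hit in find_write_capable_handles(SAMPLE_EVENTS):
        print(hit)
```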
mrblobles
So it can be done using OpenProcess, then ReadProcessMemory and finally WriteProcessMemory?
Post 08 Jun 2007, 19:52
mrblobles
Can you show me your code so I can have something to follow?
Post 09 Jun 2007, 20:39
r22
No, since I did this over three years ago, the code is in an archive somewhere and I have no interest in hunting it down. Also, it is kind of taboo to post potential virus/malware code on the forum.

- Read the MSDN help on those APIs: OpenProcess, ReadProcessMemory, WriteProcessMemory.
- Look at the example code MSDN usually appends to the help pages (use Google to find more examples).
- Work it out from there.
Post 10 Jun 2007, 11:38
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
