Hello!
Excuse me for my bad English :rolleyes:
How can I get all the EPROCESS and ETHREAD structures from RING3 under win2k or XP? I have here Process Hide v1.0 which hides the process by modifying those structures from user privilege level. But... I'm sorry, but I hardly understand what it does...
Can anyone help me? I need some info on how to get to those structures, maybe some example sources...
Thanx in advance... :stupid: :tongue:
Hi, The CHEMI$T
The ETHREAD and EPROCESS structures are inside the kernel area, so you
will need to create a device driver to access these structures.
Process Hide is not effective against Klister, because Joanna Rutkowska
has updated her tool.
To learn how to create device drivers:
Four-F tutorials link
To learn how to play with kernel:
Fun with Kernel Structures (Plus FU all over again)
To learn EPROCESS and ETHREAD structures, learn how to use WinDBG
Microsoft Debugging Tools
Good luck, this is a very interesting area :alright:
Regards,
Opcode
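Since ring 3 code cannot read EPROCESS/ETHREAD directly, the practical user-mode check for the kind of hiding Process Hide does is a cross-view comparison, which is also the idea behind detectors like Klister (done there from a driver). Below is an added example written for this thread, not code from Process Hide, Klister or any poster: it enumerates processes through the Toolhelp snapshot API and, independently, by probing every candidate PID with OpenProcess, then reports PIDs that can be opened but are absent from the snapshot. Unlinking an EPROCESS from the active-process list hides it from the list-walking API but not from lookup by PID. The comparison logic is portable and is exercised with a constructed sample on non-Windows builds; the Windows enumeration is compiled only under _WIN32. The PID upper bound of 65532 and the list capacity are assumptions.

```c
/* Added example (not from the thread): cross-view process enumeration.
 * Two independent user-mode views of the process list are compared; a PID
 * that one view reports and the other does not is a discrepancy worth
 * checking, because DKOM-style hiding unlinks an EPROCESS from the list
 * that the snapshot API walks but cannot remove the process from every
 * place the kernel keeps it. The comparison is portable; the Windows
 * enumeration only compiles under _WIN32. */
#include <stdio.h>
#include <stdlib.h>

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif

#define MAX_PIDS 4096   /* assumed capacity; enough for any realistic process count */

typedef struct { unsigned long pid[MAX_PIDS]; size_t n; } pid_list;

static int cmp_ulong(const void *a, const void *b) {
    unsigned long x = *(const unsigned long *)a, y = *(const unsigned long *)b;
    return (x > y) - (x < y);
}

static void pid_list_add(pid_list *l, unsigned long pid) {
    if (l->n < MAX_PIDS) l->pid[l->n++] = pid;
}

/* Sort and de-duplicate so the two views can be merged in one pass. */
static void pid_list_finalize(pid_list *l) {
    size_t i, j = 0;
    qsort(l->pid, l->n, sizeof l->pid[0], cmp_ulong);
    for (i = 0; i < l->n; i++)
        if (j == 0 || l->pid[j - 1] != l->pid[i]) l->pid[j++] = l->pid[i];
    l->n = j;
}

/* PIDs present in `a` but absent from `b` (both finalized) go to `out`. */
size_t pids_only_in(const pid_list *a, const pid_list *b, pid_list *out) {
    size_t i = 0, j = 0;
    out->n = 0;
    while (i < a->n) {
        if (j < b->n && b->pid[j] < a->pid[i]) { j++; continue; }
        if (j < b->n && b->pid[j] == a->pid[i]) { i++; j++; continue; }
        pid_list_add(out, a->pid[i++]);
    }
    return out->n;
}

#ifdef _WIN32
/* View 1: the documented snapshot API (Toolhelp). */
static void enumerate_toolhelp(pid_list *l) {
    PROCESSENTRY32 pe;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    l->n = 0;
    if (snap == INVALID_HANDLE_VALUE) return;
    pe.dwSize = sizeof pe;
    if (Process32First(snap, &pe))
        do pid_list_add(l, pe.th32ProcessID); while (Process32Next(snap, &pe));
    CloseHandle(snap);
    pid_list_finalize(l);
}

/* View 2: probe every candidate PID (multiples of 4 on NT) with OpenProcess.
 * ERROR_ACCESS_DENIED still proves the PID exists; it is just protected. */
static void enumerate_openprocess(pid_list *l, unsigned long max_pid) {
    unsigned long pid;
    l->n = 0;
    for (pid = 4; pid <= max_pid; pid += 4) {
        HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (DWORD)pid);
        if (h) { pid_list_add(l, pid); CloseHandle(h); }
        else if (GetLastError() == ERROR_ACCESS_DENIED) pid_list_add(l, pid);
    }
    pid_list_finalize(l);
}
#endif

/* Constructed sample (not captured data): the probe sees PID 1234, the
 * snapshot does not. Fills `out` with the discrepancies, returns the count. */
static size_t demo_discrepancies(pid_list *out) {
    static const unsigned long probe[]    = {0, 4, 368, 1500, 1234};
    static const unsigned long snapshot[] = {368, 0, 4, 1500};
    pid_list a, b;
    size_t i;
    a.n = b.n = 0;
    for (i = 0; i < sizeof probe / sizeof probe[0]; i++) pid_list_add(&a, probe[i]);
    for (i = 0; i < sizeof snapshot / sizeof snapshot[0]; i++) pid_list_add(&b, snapshot[i]);
    pid_list_finalize(&a);
    pid_list_finalize(&b);
    return pids_only_in(&a, &b, out);
}

size_t demo_hidden_count(void) { pid_list out; return demo_discrepancies(&out); }
unsigned long demo_first_hidden_pid(void) {
    pid_list out;
    return demo_discrepancies(&out) ? out.pid[0] : 0;
}

int main(void) {
    pid_list out;
    size_t i, n;
#ifdef _WIN32
    pid_list snap, probe;
    enumerate_toolhelp(&snap);
    enumerate_openprocess(&probe, 65532);   /* assumed PID bound; raise if needed */
    n = pids_only_in(&probe, &snap, &out);
#else
    n = demo_discrepancies(&out);
#endif
    for (i = 0; i < n; i++)
        printf("PID %lu openable but missing from snapshot\n", out.pid[i]);
    return 0;
}
```

A process that starts or exits between the two enumerations shows up as a one-off discrepancy, so repeat the comparison before treating a PID as hidden. The check only catches hiding that leaves the PID openable; a rootkit that hooks the user-mode or system-call path both views go through will fool it, which is why tools like Klister do their comparison from a driver against the kernel's own lists.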