The attached program is interesting.
It hides a process after you put in the PID. Task Master and some others can't see it.

It uses a driver. Wonder if there is a way to do it without one ?

Take care.

f0dder edit: removed attachment.



Posted on 2007-07-10 09:57:35 by skywalker
skywalker:

It uses a driver. Wonder if there is a way to do it without one ?


Based upon my knowledge, there is no way to do this type of thing without a driver as User mode does not have access to the data structures needed to perform such a task.

Posted on 2007-07-10 10:05:55 by madprgmr
This material is at the edge of what we allow here, if not actually crossing it. I'm considering locking the topic or perhaps just removing the attachment.

But first, humor me - mention one single non-malicious use of this?
Posted on 2007-07-11 05:35:35 by f0dder
Learning
Posted on 2007-07-11 08:52:53 by skywalker
Thread locked, pending deletion, attachment removed.
Posted on 2007-07-11 09:02:26 by f0dder
troll?
Posted on 2007-07-12 12:12:41 by Homer

troll?


I don't think so, skywalker has been here for a very long time and I believe "Learning" is a good answer ;) "Learning" took all of us down a weird path at some point or another.

However, I do agree with f0dder - besides enabling malware authors, this thread wouldn't help anyone much at all.
Posted on 2007-07-12 22:41:17 by JimmyClif