Departure Posted May 9, 2013 Posted May 9, 2013 Need some ideas to hiding the process name in task manger of target.... I have a target which I am creating the process in suspended mode and writing bytes to, The target it self checks if there is multiple instants of it self running by using looking for any processes with the same name e.g "target.exe". I could over come this by copying Target.exe and renaming it e.g Target1.exe which would work just fine, But I don't want a folder full of Targets.exe each time I run this loader. Hopefully someone has ideas how to over come this without copying multiple instants of target.exe and renaming them.
ragdog Posted May 9, 2013 Posted May 9, 2013 hi A simply way is this via Enum window and LVM_ Messages http://forum.ragezone.com/f197/source-hide-process-task-manager-709363/ Or you hook the taskMgr by the Native API
Departure Posted May 9, 2013 Author Posted May 9, 2013 Thanks for that ragdog, Now that I think about it... It has nothing to with Task manager as that's just where the user see's it. The target is checking something maybe enumerating all open process and if the target.exe is runnign it will not execute another instants... This where I need to get around that problem so I can run multiple instants of target.exe without closing.. using createprocess I can patch some where to prevent this... the question is where would I look?
kao Posted May 9, 2013 Posted May 9, 2013 (edited) Helper methods (CreateToolhelp32Snapshot, EnumProcesses, etc.) will most likely call NtQuerySystemInformation at some point. So, the best place to patch would be NtQuerySystemInformation with SystemInformationClass = SystemProcessInformation EDIT: or you can just use HideToolz.. Edited May 9, 2013 by kao 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now