Hide Target Process Ideas

[Departure]

Need some ideas to hiding the process name in task manger of target....

 

I have a target which I am creating the process in suspended mode and writing bytes to, The target it self checks if there is multiple instants of it self running by using looking for any processes with the same name e.g "target.exe". I could over come this by copying Target.exe and renaming it e.g Target1.exe which would work just fine, But I don't want a folder full of Targets.exe each time I run this loader. Hopefully someone has ideas how to over come this without copying multiple instants of target.exe and renaming them.

[ragdog]

hi

 

A simply way is this via Enum window and LVM_ Messages

 

http://forum.ragezone.com/f197/source-hide-process-task-manager-709363/

 

Or you hook the taskMgr by the Native API

[Departure]

Thanks for that ragdog, Now that I think about it... It has nothing to with Task manager as that's just where the user see's it. The target is checking something maybe enumerating all open process and if the target.exe is runnign it will not execute another instants... This where I need to get around that problem so I can run multiple instants of target.exe without closing.. using createprocess I can patch some where to prevent this... the question is where would I look?

[kao]

Helper methods (CreateToolhelp32Snapshot, EnumProcesses, etc.) will most likely call NtQuerySystemInformation at some point.

 

So, the best place to patch would be NtQuerySystemInformation with SystemInformationClass = SystemProcessInformation

 

 

EDIT: or you can just use HideToolz..

Edited May 9, 2013 by kao