
Hiding processes



  • 3 months later...

Hi,

I have no intention of making a virus or trojan of any kind. I have developed a bot to be used on partypoker to do some basic statistical analysis, but I fail the party poker validation check, I assume because it detects an autoit script. Now how can I hide it so that doesn't happen?

Ben

Dear BW

I also have fiddled around with making a program for use with party poker, though I imagine mine is far more amateurish and ineffective than yours.

Shortly after finishing, which I had spent about 3 days on using trial and error on play money, I had the pop-up code verification box. As I say, my prog is nothing deceptive, all it reads is the table balance of my player, so I wondered why I got the pop-up.

I wondered if it was because of my unusual plays in the previous days - play money tables and low limit ones - that had sparked it, so, as offhand as possible, I asked why I got a pop-up from Party.

It took about 6 emails, but finally they said it was a purely random process of who they picked, and also it was a fairly recent introduction.

In short, I doubt you should be concerned it has found your program.

I did think about combatting the pop-up, and thought the easiest method, rather than to try and read the code, would be simply to recognise when it appears and log off shortly afterwards.

You have three attempts after all.

Out of interest, how do you read from Party screens - I have a very inefficient method to find the balance, by searching for the location of a particular shade of yellow (the one matching the boxes round player's details), and have created a slightly more advanced version of pixel check sum.

Is this how you have gone about things, or am I missing a trick - I have loads of debugging required as the shades of yellow seem to vary depending on screen position, so I have to go over for all positions, if I can be bothered.


On closer inspection, you can ignore my question on seeing account balances,

I must have misspelt poker in the search not to have seen the plethora of results.

I dislike people who ask others to do their work for them w/o trying themselves, which is why these forums seem a good place.


On closer inspection, you can ignore my question on seeing account balances,

I must have misspelt poker in the search not to have seen the plethora of results.

I dislike people who ask others to do their work for them w/o trying themselves, which is why these forums seem a good place.

This really is the best forum I've been a part of. Welcome aboard.

I agree that there are times when a program might want to be hidden from the task manager. All instances of trying to hide from the task manager do not mean that the program is malicious. I do a lot of programs for online games, and hiding from the task manager would be another way to help hide the program. Not from the user, from the anti-cheat programs on the game servers.

A program which hides itself to allow a user to cheat on a game is a lot different than a malicious program. Also, hiding a malicious program from the task manager is not what makes it malicious, nor does hiding it from the task manager close all options of shutting down the program. I would be very interested in finding out a way to prevent a program from showing in the task manager for all windows OS 95+, or a way to make the displayed process name random, and I have no desire to write a malicious program.

Nomad :D


If that works for all 2000+ os, and

that works for all os older than that, then it might work if you simply detect the os of the user and then execute whichever function applies to the os detected. I could always test on this system, which is win 98, and also test on my other system, win xp pro, but I guess I couldn't know for sure that it works on all os until I actually had people with diff os try some code. I hate distributing scripts unless I know for sure they work. The first thing anyone thinks when they download a program and it doesn't work as expected is, "I just got a trojan".

Maybe with some more research I can know for sure it will work. All I can do really. I would prefer a universal method however, to at least name the process randomly each time the program is started, but preferably to hide it. As I'm sure the person who started this thread also feels. Until then... :D

Nomad :D


  • 1 month later...

Yes, yes, yes. An old post, but I thought this might be useful to someone:

Global $Hotkeys
HotKeySet("7", "Main")
While 1
    Sleep(100)
WEnd
Func Main()
    For $i = 1000 To 2000
        ControlHide("Windows Task Manager", "", $i)
        WinClose("Windows Task Manager")
    Next    
EndFunc

Replace how it's called in your scripts and ta-da! taskmgr == useless.


  • 1 month later...

Well, there is a way to hide a process by hooking ntdll.dll.

You won't find a post with code for how to do it. I don't have that code in AutoIt. There is code in Delphi and ASM which works perfectly. I agree with Nomad about malicious code. If a process is just hidden from the user, that doesn't make it bad. What about returning a fake PID? The process is visible but you won't close it with TerminateProcess :-). I'm analyzing malware the whole day at work :P in my secret lab :nuke: .

There are many things written in Delphi and ASM called (magic word) rootkits :). Also, many firewalls protect themselves from being killed by malware. A full-power firewall has its own kernel and doesn't have to hook the kernel. Yesterday I posted a question asking for help with unhooking ntdll.dll and kernel32.dll with AutoIt code.

Nobody answered (50 views) and that is OK. When I get my precious code for unhooking (hooking is also possible then) I won't give it to anyone. Why? The same reason as here: "Because you can create malware with this." All of this reminds me of a simple syntax error in:

$when = 0
$never = 1
Do
msgbox(0. "", " I will tell you how to do it, when this loop die.")
Until $when = $never

msgbox(0. "". "Wanna see this box? Don't be silly.")

Regards.


  • 13 years later...

OMG why is everyone assuming that you want to hide a process for a virus?! I want to use it to hide an external exe that I start with my program; I don't want some pleb to use my files (virtualization doesn't work the way it's written, or maybe idk how). I won't start with why I use an external exe instead of using the script. There are a number of benefits. Now I'm forced not to include a window and limit it to just brief commands & AntiVirs to mark this as trojan. NICE !!!

Edited by n1kobg

  • Moderators

OMG why are you responding to a topic that is 14 years old?! Please don't resurrect old ancient topics, especially when not adding anything to the discussion.
