=sinister=

Help calling a dll

21 posts in this topic

#1 ·  Posted (edited)

Well I found this dll that hides processes from the process list (This is for hiding bots/hacks from a game detection) and well I need help calling the dll. I used PE Explorer to find the function. I tried this:

DllCall("./HideProcess.dll", "int", "HideNtProcess", "short", "testprog.exe")

but that didn't work. But I don't know what to put as the return type. If anyone could help me it would be greatly appreciated. I included the dll as an attachment.

--Edit--

and I'm not sure if it hides other processes or itself.

Removed Attachment till confirmation it's safe.

--Attachment added again-- If you don't feel safe, well don't use it of course. it's a simple rootkit.

Edited by Jos




Well I found this dll that hides processes from the process list (This is for hiding bots/hacks from a game detection) and well I need help calling the dll. I used PE Explorer to find the function. I tried this:

but that didn't work. But I don't know what to put as the return type. If anyone could help me it would be greatly appreciated. I included the dll as an attachment.

--Edit--

and I'm not sure if it hides other processes or itself.

You're not likely to get any help, especially since you didn't provide where you got it from (like how you know the calls to it other than looking through some editor to find them), and or have the source to it.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


Not getting any "Good" hit in this DLLname only Spyware shit...

Better not use it till you know it's safe, and remove it from this thread till you are sure it's safe.

:)


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


This page describes a file with the same name and exact same size .. doesn't sound too good :

http://www.emsisoft.com/en/malware/?Adware...2.Spylab+WebSpy


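A matching file name and size, as in the post above, is weak identification. The following is an added example, not code from the thread: it fingerprints a DLL by SHA-256 and reads its exported names straight from the PE headers without loading it. The image built by `sample_dll()` is constructed test data, and all function names here are illustrative.

```python
import hashlib
import struct
import sys

def _off(sections, rva):
    """Translate an RVA to a file offset via the section table."""
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + rva - vaddr
    raise ValueError("RVA %#x is outside every section" % rva)

def pe_exports(data):
    """List exported names from the PE headers; the DLL is never loaded."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # Data directory entry 0 is the export table; PE32+ places it 16 bytes later.
    exp_rva = struct.unpack_from("<I", data, opt + (96 if magic == 0x10B else 112))[0]
    # Section rows: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData.
    sections = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    if exp_rva == 0:
        return []
    exp = _off(sections, exp_rva)
    count, names = struct.unpack_from("<I4xI", data, exp + 24)  # NumberOfNames, AddressOfNames
    rvas = struct.unpack_from("<%dI" % count, data, _off(sections, names)) if count else ()
    starts = [_off(sections, r) for r in rvas]
    return [data[s:data.index(b"\0", s)].decode("ascii", "replace") for s in starts]

def triage(data):
    """Identify a DLL by content hash and exports, not by file name and size."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
            "exports": pe_exports(data)}

def sample_dll():
    """Constructed one-section PE32 image with one export name (test data only)."""
    img = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    img += (b"\x0b\x01".ljust(96, b"\0") + struct.pack("<II", 0x1000, 0x100)).ljust(0xE0, b"\0")
    img += b".edata\0\0" + struct.pack("<4I", 0x100, 0x1000, 0x200, 0x200) + bytes(16)
    img = img.ljust(0x200, b"\0") + struct.pack("<10I", 0, 0, 0, 0, 1, 1, 1, 0, 0x1028, 0)
    return (img + struct.pack("<I", 0x102C) + b"HideNtProcess\0").ljust(0x400, b"\0")

if __name__ == "__main__":
    print(triage(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_dll()))
```

Two files can share a name and byte count while differing in content, so the hash is the value to compare against a vendor or scanner report.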

#5 ·  Posted (edited)

This page describes a file with the same name and exact same size .. doesn't sound too good :

http://www.emsisoft.com/en/malware/?Adware...2.Spylab+WebSpy

I believe the original name of the dll was Project12.dll.

Edit:

Having said that, and if it's the same... the call is pretty straightforward... Int return... PID to pass.

Edited by SmOke_N


#6 ·  Posted (edited)

Jdeb,

I'm pretty sure it's not a virus or spyware or anything because I paid for it and I've used it with a program before.

I use a program for a game that people call a "bot" but to make sure it doesn't get detected, it hides itself from the process list. HideProcess.dll is pretty much a rootkit, and some people mistake it for a virus because some programs hide themselves to do harm.

oh, and smokeN, like this?:

DllCall("./HideProcess.dll", "int", "HideNtProcess", "int", "688")
Edited by =sinister=


Jdeb,

I'm pretty sure it's not a virus or spyware or anything because I paid for it and I've used it with a program before.

I use a program for a game that people call a "bot" but to make sure it doesn't get detected, it hides itself from the process list. HideProcess.dll is pretty much a rootkit, and some people mistake it for a virus because some programs hide themselves to do harm.

oh, and smokeN, like this?:

DllCall("./HideProcess.dll", "int", "HideNtProcess", "int", "688")
Ok.. just put it back in your post if you want to and are sure about it ... :)


OK, I added the dll again. And I feel stupid, I forgot to open and close the dll, but it still won't work.

$dll = DllOpen("./HideProcess.dll")
DllCall($dll, "int", "HideNtProcess", "int", "688")
If @error = 1 Then
    MsgBox(0, "Error", "Error 1")
EndIf
If @Error = 2 Then
    MsgBox(0, "Error", "Error 2")
EndIf
If @Error = 3 Then
    MsgBox(0, "Error", "Error 3")
EndIF
DllClose($dll)


This worked fine for me.

DllCall("HideProcess.dll", "int", "HideNtProcess", "int", @AutoItPID)

While 1
    Sleep(100)
WEnd

Be sure to compile the script before running it.


# MY LOVE FOR YOU... IS LIKE A TRUCK- #


I'm pretty sure it's not a virus or spyware or anything because I paid for it and I've used it with a program before.

How come you don't know how to use it any more?

Anyway you should get your money back, Google just told me this dll & source is freely available...

Pretty badly coded; well, you can fool Windows Task Manager with it, but I wouldn't rely on it.

DllCall($dll, "int", "HideNtProcess", "dword", $dwPid)


@piccaso,

I didn't buy the dll, I just bought something and the dll came with it. Anyways I got it to work, I appreciate everything. Thanks. Oh and piccaso, could you share your find on the source please?


I think you have false hope about this thing. It doesn't hide anything like a "rootkit", it just removes it from the taskmanager list (do a processlist()/or processexists() while it's running and you'll see), also you see it just fine in procexp.exe.

So if you're using this to hide from something... good luck on that... it isn't going to work.



#13 ·  Posted (edited)

how do you show the process?

edit: fyi, my virus software detected this shit and therefore i cannot put it in any of my scripts :)(

Edited by SleepyXtreme


@Smoke,

Well I think it worked for something else I use so whatever.


anyone know how to do this with code maybe?


There is code, On the first page.



#17 ·  Posted (edited)

Hrm, it seems as if it only wants to work when it wants to. Sometimes it works quickly, sometimes it works after a few seconds, sometimes it doesn't work at all! Anyone know why this is?

--edit--

got it

Edited by =sinister=


Well, this dll is detected by most AV.

I have tested by disabling my AV.

My question is why it's not working with multiple processes, if anyone is willing to help.

Dim $sPid[2] = ["file1.exe", "file2.exe"]
 
For $x = 0 to 1
$PID = ProcessExists($sPid[$x])
if $PID > 0 then
_ProcessHide($PID)
EndIf
Next
 
Func _ProcessHide($PID)
    DllCall("HideProcess.dll","long","HideNtProcess","dword",$PID)
EndFunc


Well, this dll is detected by most AV.

I have tested by disabling my AV.

My question is why it's not working with multiple processes, if anyone is willing to help.

You do realize that this topic is nearly 4 years old right? Don't you think it would make more sense to start a new thread rather than post to one that's older than most user's computers?

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.


Why should I create a new topic when my question is related to this already existing topic?

I think it's a very good idea to search the forum before posting a question?

This topic is now closed to further replies.