
Help calling a dll



Well I found this dll that hides processes from the process list (This is for hiding bots/hacks from a game detection) and well I need help calling the dll. I used PE Explorer to find the function. I tried this:

DllCall("./HideProcess.dll", "int", "HideNtProcess", "short", "testprog.exe")

but that didn't work. But I don't know what to put as the return type. If anyone could help me it would be greatly appreciated. I included the dll as an attachment.

--Edit--

and I'm not sure if it hides other processes or itself.

Removed attachment until confirmation it's safe.

--Attachment added again-- If you don't feel safe, well don't use it of course. It's a simple rootkit.

Edited by Jos

  • Moderators

Well I found this dll that hides processes from the process list (This is for hiding bots/hacks from a game detection) and well I need help calling the dll. I used PE Explorer to find the function. I tried this:

but that didn't work. But I don't know what to put as the return type. If anyone could help me it would be greatly appreciated. I included the dll as an attachment.

--Edit--

and I'm not sure if it hides other processes or itself.

You're not likely to get any help, especially since you didn't provide where you got it from (like how you know the calls to it other than looking through some editor to find them), and or have the source to it.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


  • Developers

Not getting any "Good" hit in this DLLname only Spyware shit...

Better not use it until you know it's safe, and remove it from this thread until you are sure it's safe.

:)

Live for the present,
Dream of the future,
Learn from the past.
  :)


  • Developers

This page describes a file with the same name and exact same size... doesn't sound too good:

http://www.emsisoft.com/en/malware/?Adware...2.Spylab+WebSpy


  • Moderators

This page describes a file with the same name and exact same size... doesn't sound too good:

http://www.emsisoft.com/en/malware/?Adware...2.Spylab+WebSpy

I believe the original name of the dll was Project12.dll.

Edit:

Having said that, and if it's the same... the call is pretty straightforward... Int return... PID to pass.

Edited by SmOke_N


Jdeb,

I'm pretty sure it's not a virus or spyware or anything because I paid for it and I've used it with a program before.

I use a program for a game that people call a "bot" but to make sure it doesn't get detected, it hides itself from the process list. HideProcess.dll is pretty much a rootkit, and some people mistake it for a virus because some programs hide themselves to do harm.

oh, and smokeN, like this?:

DllCall("./HideProcess.dll", "int", "HideNtProcess", "int", "688")
Edited by =sinister=

  • Developers

Jdeb,

I'm pretty sure it's not a virus or spyware or anything because I paid for it and I've used it with a program before.

I use a program for a game that people call a "bot" but to make sure it doesn't get detected, it hides itself from the process list. HideProcess.dll is pretty much a rootkit, and some people mistake it for a virus because some programs hide themselves to do harm.

oh, and smokeN, like this?:

DllCall("./HideProcess.dll", "int", "HideNtProcess", "int", "688")
Ok.. just put it back in your post if you want to and are sure about it ... :)


OK, I added the dll again. And I feel stupid, I forgot to open and close the dll, but it still won't work.

$dll = DllOpen("./HideProcess.dll")
DllCall($dll, "int", "HideNtProcess", "int", "688")
If @error = 1 Then
    MsgBox(0, "Error", "Error 1")
EndIf
If @Error = 2 Then
    MsgBox(0, "Error", "Error 2")
EndIf
If @Error = 3 Then
    MsgBox(0, "Error", "Error 3")
EndIF
DllClose($dll)

I'm pretty sure it's not a virus or spyware or anything because I paid for it and I've used it with a program before.

How come you don't know how to use it any more?

Anyway you should get your money back, Google just told me this dll & source is freely available...

Pretty badly coded; well, you can fool Windows Task Manager with it but I wouldn't rely on it.

DllCall($dll, "int", "HideNtProcess", "dword", $dwPid)

  • Moderators

I think you have false hope about this thing. It doesn't hide anything like a "rootkit", it just removes it from the taskmanager list (do a processlist()/or processexists() while it's running and you'll see), also you see it just fine in procexp.exe.

So if you're using this to hide from something... good luck on that... it isn't going to work.


  • 3 weeks later...

Hrm, it seems as if it only wants to work when it wants to. Sometimes it works quickly, sometimes it works after a few seconds, sometimes it doesn't work at all! Anyone know why this is?

--edit--

got it

Edited by =sinister=

  • 3 years later...

Well, this dll is detected by most AV.

I have tested by disabling my AV.

My question is why it's not working with multiple processes, if anyone is willing to help.

Dim $sPid[2] = ["file1.exe", "file2.exe"]

For $x = 0 to 1
    $PID = ProcessExists($sPid[$x])
    if $PID > 0 then
        _ProcessHide($PID)
    EndIf
Next

Func _ProcessHide($PID)
    DllCall("HideProcess.dll","long","HideNtProcess","dword",$PID)
EndFunc

Well, this dll is detected by most AV.

I have tested by disabling my AV.

My question is why it's not working with multiple processes, if anyone is willing to help.

You do realize that this topic is nearly 4 years old, right? Don't you think it would make more sense to start a new thread rather than post to one that's older than most users' computers?

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.
