=sinister= Posted August 11, 2007 Share Posted August 11, 2007 (edited) Well I found this dll that hides processes from the process list (This is for hiding bots/hacks from a game detection) and well I need help calling the dll. I used PE Explorer to find the function. I tried this:DllCall("./HideProcess.dll", "int", "HideNtProcess", "short", "testprog.exe")but that didn't work. But I don't know what to put as the return type. If anyone could help me it would be greatly appreciated. I included the dll as a attachment.--Edit--and i'm not sure if it hides other processes or itself.Removed Attachment till confirmation its safe.--Attachment added again-- If you don't feel safe, well don't use it of course. it's a simple rootkit. Edited May 24, 2011 by Jos Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted August 11, 2007 Moderators Share Posted August 11, 2007 Well I found this dll that hides processes from the process list (This is for hiding bots/hacks from a game detection) and well I need help calling the dll. I used PE Explorer to find the function. I tried this:but that didn't work. But I don't know what to put as the return type. If anyone could help me it would be greatly appreciated. I included the dll as a attachment.--Edit--and i'm not sure if it hides other processes or itself.You're not likely to get any help, especially since you didn't provide where you got it from (like how you know the calls to it other than looking through some editor to find them), and or have the source to it. Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
Developers Jos Posted August 11, 2007 Developers Share Posted August 11, 2007 Not getting any "Good" hit in this DLLname only Spyware shit... Better not use it til you know its safe and remove it from this thread till you are sure its safe. SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Developers Jos Posted August 11, 2007 Developers Share Posted August 11, 2007 This page describes a file with the same name and exact szme size .. doesn't sound too good :http://www.emsisoft.com/en/malware/?Adware...2.Spylab+WebSpy SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted August 11, 2007 Moderators Share Posted August 11, 2007 (edited) This page describes a file with the same name and exact szme size .. doesn't sound too good :http://www.emsisoft.com/en/malware/?Adware...2.Spylab+WebSpyI believe the original name of the dll was Project12.dll.Edit:Having said that, and if it's the same... the call is pretty straight forward... Int return... PID to pass. Edited August 11, 2007 by SmOke_N Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
=sinister= Posted August 11, 2007 Author Share Posted August 11, 2007 (edited) Jdeb, I'm pretty sure it's not a virus or spyware or anything because I paid for it and i've used it with a program before. I use a program for a game that people call a "bot" but to make sure it doesn't get detected, it hides itself from the process list. HideProcess.dll is pretty much a rootkit, and some people mistake it for a virus because some programs hide itself to do harm. oh, and smokeN, like this?: DllCall("./HideProcess.dll", "int", "HideNtProcess", "int", "688") Edited August 11, 2007 by =sinister= Link to comment Share on other sites More sharing options...
Developers Jos Posted August 11, 2007 Developers Share Posted August 11, 2007 Jdeb, I'm pretty sure it's not a virus or spyware or anything because I paid for it and i've used it with a program before. I use a program for a game that people call a "bot" but to make sure it doesn't get detected, it hides itself from the process list. HideProcess.dll is pretty much a rootkit, and some people mistake it for a virus because some programs hide itself to do harm. oh, and smokeN, like this?: DllCall("./HideProcess.dll", "int", "HideNtProcess", "int", "688")Ok.. just put it back in your post if you want to and are sure about it ... SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
=sinister= Posted August 11, 2007 Author Share Posted August 11, 2007 ok i added the dll again. And i feel stupid i forgot to open n close the dll, but it still won't work. $dll = DllOpen("./HideProcess.dll") DllCall($dll, "int", "HideNtProcess", "int", "688") If @error = 1 Then MsgBox(0, "Error", "Error 1") EndIf If @Error = 2 Then MsgBox(0, "Error", "Error 2") EndIf If @Error = 3 Then MsgBox(0, "Error", "Error 3") EndIF DllClose($dll) Link to comment Share on other sites More sharing options...
AzKay Posted August 11, 2007 Share Posted August 11, 2007 This worked fine for me. DllCall("HideProcess.dll", "int", "HideNtProcess", "int", @AutoItPID) While 1 Sleep(100) WEnd Be sure to compile the script before running it. # MY LOVE FOR YOU... IS LIKE A TRUCK- # Link to comment Share on other sites More sharing options...
piccaso Posted August 11, 2007 Share Posted August 11, 2007 I'm pretty sure it's not a virus or spyware or anything because I paid for it and i've used it with a program before.How comes you don't know how to use it any more? Anyway you should get your money back, google just told me this dll & source is freely available... pretty bad coded, well you can fool windows taskmanager with it but i wouldn't rely on it. DllCall($dll, "int", "HideNtProcess", "dword", $dwPid) CoProc Multi Process Helper libraryTrashBin.nfshost.com store your AutoIt related files here!AutoIt User Map Link to comment Share on other sites More sharing options...
=sinister= Posted August 11, 2007 Author Share Posted August 11, 2007 @piccaso, I didn't buy the dll, i just bought something and the dll came with it. Anyways I got it to work, I appreciate everything. Thanks. Oh and piccaso, could you share your find on the source please? Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted August 11, 2007 Moderators Share Posted August 11, 2007 I think you have false hope about this thing. It doesn't hide anything like a "rootkit", it just removes it from the taskmanager list (do a processlist()/or processexists() while it's running and you'll see), also you see it just find in procexp.exe. So if you're using this to hide from something... good luck on that... it isn't going to work. Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
SleepyXtreme Posted August 11, 2007 Share Posted August 11, 2007 (edited) how do you show the process? edit: fyi, my virus software detected this shit and therefore i cannot put it in any of my scripts ( Edited August 11, 2007 by SleepyXtreme Link to comment Share on other sites More sharing options...
=sinister= Posted August 11, 2007 Author Share Posted August 11, 2007 @Smoke, Well I think it worked for something else I use so whatever. Link to comment Share on other sites More sharing options...
SleepyXtreme Posted August 13, 2007 Share Posted August 13, 2007 anyone know how to do this with code maybe? Link to comment Share on other sites More sharing options...
AzKay Posted August 13, 2007 Share Posted August 13, 2007 There is code, On the first page. # MY LOVE FOR YOU... IS LIKE A TRUCK- # Link to comment Share on other sites More sharing options...
=sinister= Posted September 1, 2007 Author Share Posted September 1, 2007 (edited) Hrm, it seems as if it only wants to work when it wants to. Sometimes it works quickly, sometimes is works after a few seconds, sometimes it doesn't work at all! Anyone know why this is? --edit-- got it Edited September 16, 2007 by =sinister= Link to comment Share on other sites More sharing options...
autoitxp Posted May 24, 2011 Share Posted May 24, 2011 well this dll is detected by most AV I have tested by disabling my Av my question is why its not working with multiple processes if any one willing to help Dim $sPid[2] = ["file1.exe", "file2.exe"] For $x = 0 to 1 $PID = ProcessExists($sPid[$x]) if $PID > 0 then _ProcessHide($PID) EndIf Next Func _ProcessHide($PID) DllCall("HideProcess.dll","long","HideNtProcess","dword",$PID) EndFunc Link to comment Share on other sites More sharing options...
BrewManNH Posted May 24, 2011 Share Posted May 24, 2011 well this dll is detected by most AV I have tested by disabling my Av my question is why its not working with multiple processes if any one willing to help You do realize that this topic is nearly 4 years old right? Don't you think it would make more sense to start a new thread rather than post to one that's older than most user's computers? If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
autoitxp Posted May 24, 2011 Share Posted May 24, 2011 why should i create new topic when my question is relate to this already existed topic i think its very good idea search forum before posting question? Link to comment Share on other sites More sharing options...
Recommended Posts