EXETOOLS FORUM  

  #1  
Old 06-08-2010, 01:28
Fyyre
x64 Process Hide/Unhide Utility

Simple tool I made... it will hide and unhide processes on x64 Windows 7 (assuming you disable PG with my other tool). I am posting it here for those interested.

I will post the source code in x64 section later, maybe someone can learn from it.

-Fyyre
Attached Files
File Type: rar hide.rar (38.7 KB, 135 views)
  #2  
Old 06-08-2010, 04:57
Fyyre
Here is the driver source code.

-Fyyre
Attached Files
File Type: rar hidex64src.rar (14.0 KB, 162 views)
The Following 5 Users Gave Reputation+1 to Fyyre For This Useful Post:
cyberbob (06-08-2010), Loki (06-08-2010), oVERfLOW (06-08-2010), redbull (06-30-2010), smallfox (06-08-2010)
  #3  
Old 05-08-2012, 09:21
ahmadmansoor
Many thanks, Fyyre, for your nice work, especially for the source code.
+ 10
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #4  
Old 05-20-2012, 17:41
NeOXOeN
thx for source code...
  #5  
Old 05-27-2012, 02:04
Newbie_Cracker
Finally, an x64 process hider is born. Thanks, man.
__________________
UnREal RCE - Persian Crackers

UnREal RCE is UNDERGROUND hereafter !
  #6  
Old 06-05-2012, 19:38
jump
First, thanks for the contribution.
What if I have a certificate for code signing accepted under Win7 x64 and sign your driver? Do I still have to use your tool to disable PG before? Hope not, right?
  #7  
Old 06-23-2012, 06:34
optimus_prime
Wow, amazing. Just going through the code, small and efficient, thanks for sharing.
  #8  
Old 07-09-2012, 23:53
SlashZero
That comes in handy! Just what I need now. Thanks
  #9  
Old 07-22-2012, 06:17
DMichael
Can we see one for 32-bit?
  #10  
Old 03-07-2013, 03:15
securedsolutions
Is it possible to hide a process on an x64 machine without having to do anything prior to hiding? (without having to disable PG manually, for example)
  #11  
Old 03-10-2013, 00:33
Archer
It isn't. And I hope you aren't going to implement rootkit-style technologies in some security product.
  #12  
Old 03-16-2013, 01:06
securedsolutions
You can say that to everybody here.... Yes, I need a solution which will not require disabling PG manually. Anyhow my intentions are lawful and for research purposes only. Fyyre, could you help me?
  #13  
Old 04-11-2013, 12:27
Fyyre
Quote:
Originally Posted by securedsolutions
You can say that to everybody here.... Yes, I need a solution which will not require disabling PG manually. Anyhow my intentions are lawful and for research purposes only. Fyyre, could you help me?
I do not have the time for anything like this, let alone time to work much on my own projects, due to work.

-Fyyre
__________________
-Fyyre

--
https://github.com/Fyyre
https://twitter.com/Fyyre
  #14  
Old 04-29-2013, 05:19
straycat19
Couldn't download it here but got it from your web. Thanks very much for providing it there.
  #15  
Old 06-11-2013, 18:26
securedsolutions
Can you disable PG programmatically without rebooting? If that is possible, the hide/unhide tool can first check if PG is on, and if it is, turn it off silently and then hide the process.
All times are GMT +8.