Exetools  

  #1  
Old 06-08-2010, 01:28
Fyyre
x64 Process Hide/Unhide Utility

A simple tool I made... it will hide and unhide processes on x64 Windows 7 (assuming you disable PG with my other tool). I post it here, for the interested.

I will post the source code in x64 section later, maybe someone can learn from it.

-Fyyre
Attached Files
File Type: rar hide.rar (38.7 KB, 135 views)
  #2  
Old 06-08-2010, 04:57
Fyyre
Here is the driver source code.

-Fyyre
Attached Files
File Type: rar hidex64src.rar (14.0 KB, 162 views)
The Following 5 Users Gave Reputation+1 to Fyyre For This Useful Post:
cyberbob (06-08-2010), Loki (06-08-2010), oVERfLOW (06-08-2010), redbull (06-30-2010), smallfox (06-08-2010)
  #3  
Old 05-08-2012, 09:21
ahmadmansoor
Many thanks, Fyyre, for your nice work, especially for the source code.
+ 10
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #4  
Old 05-20-2012, 17:41
NeOXOeN
Thanks for the source code...
  #5  
Old 05-27-2012, 02:04
Newbie_Cracker
Finally, an x64 process hider is born. Thanks, man.
__________________
In memory of UnREal RCE...
  #6  
Old 06-05-2012, 19:38
jump
First of all, thanks for the contribution.
What if I have a code-signing certificate accepted under Win7 x64 and sign your driver? Do I still have to use your tool to disable PG first? Hope not, right?
  #7  
Old 06-23-2012, 06:34
optimus_prime
Wow, amazing. Just going through the code; small and efficient. Thanks for sharing.
  #8  
Old 07-09-2012, 23:53
SlashZero
That comes in handy! Just what I need now. Thanks
  #9  
Old 07-22-2012, 06:17
DMichael
Can we see one for 32-bit?
  #10  
Old 03-07-2013, 03:15
securedsolutions
Is it possible to hide a process on an x64 machine without having to do anything prior to hiding? (without having to disable PG manually, for example)
  #11  
Old 03-10-2013, 00:33
Archer
It isn't. And I hope you aren't going to implement rootkit-style technologies in some security product.
  #12  
Old 03-16-2013, 01:06
securedsolutions
You can say that to everybody here.... Yes, I need a solution which will not require disabling PG manually. Anyhow my intentions are lawful and for research purposes only. Fyyre, could you help me?
  #13  
Old 04-11-2013, 12:27
Fyyre
Quote:
Originally Posted by securedsolutions:
You can say that to everybody here.... Yes, I need a solution which will not require disabling PG manually. Anyhow my intentions are lawful and for research purposes only. Fyyre, could you help me?
I do not have the time for anything like this, let alone time to work much on my own projects, due to work.

-Fyyre
--
https://github.com/Fyyre
https://twitter.com/Fyyre
  #14  
Old 04-29-2013, 05:19
straycat19
Couldn't download it here but got it from your web. Thanks very much for providing it there.
  #15  
Old 06-11-2013, 18:26
securedsolutions
Can you disable PG programmatically without rebooting? If that is possible, the hide/unhide tool can first check if PG is on, and if it is, turn it off silently and then hide the process.
All times are GMT +8.