mikeytown2 Posted February 14, 2006 Share Posted February 14, 2006 (edited) OK so i got the win me kernel from http://www.dll-downloads.com/dll_winme.asphow do i get this to work again?EditI found this C program that looks like it does ithttp://www.codeguru.com/forum/showpost.php...083&postcount=3EditFound a knowledge base article on thishttp://support.microsoft.com/default.aspx?...kb;en-us;114776 Edited February 14, 2006 by mikeytown2 Email: POP3 & SMTP using SSL/TLS (OpenSSL)Email: IMAPEmail: Base64 & SMTP login & Send email direct to MX Server (thanks blindwig)Win: Hook Registry ChangesWin: Read/Write to Alternate Data Streams (ini example)Utility: GPS Distance Calculations, Vincenty and Haversine formulas; angles and elevationUtility: Dell Laser Printer (3000-5100) - Print LoggerUtility: Reset Router when Wireless Link FailsUtility: ImageMagick Batch jpg ProcessorVideo HCenc Batch FrontendVideo: *DEAD* YouTube Video Encoder (avs/avi to flv)Software On CD's I Like<<back|track3 Ultimate Boot CD for Windows SpinRite Ubuntu ophcrack Link to comment Share on other sites More sharing options...
palacefan Posted June 3, 2006 Share Posted June 3, 2006 Hi,I have no intention of making a virus or trojan of any kind. I have developed a bot to be used on partypoker to do some basic statistical analysis, but I fail the party poker validation check, I assume because it detects an autoit script. Now how can I hide it so that doesn't happen?BenDear BWI also have fiddled around with making a program for use with party poker, though I imagine mine is far more amateurish and ineffective than yours.Shortly after finishing, whcih had spent about 3 days using trial and error on play money i had the pop up code verification box. As I say, my prog is nothing deceptive, all it reads is the table balance of my player, so i wondered why i got the pop up. I wondered if it was because of my unusual plays in the previous days - play money tables and low limit ones - that had sparked it, so as off hand as possible requested why i got a pop up from party.it took about 6 emails, but finally they said it was a purely random process of who they picked , and also it was a fairly recent introduction.in short, i doubt you should be concerned it has found your programi did think abotu combatting the pop up, and thought the easiest method, rather than to try and read the code, would be simply to recognise when it appears and log off shortly afterwardsyou have three attempts after all.out of interest, how do you read from party screens - i have a very inefficient method to find the balance, by searching for the location of a particular shade of yellow. (the one matching the boxes round player's details), and have created a slightly more advanced version of pixel check sumis this how you have gone about things, or am i missing a trick - i have loads of debugging required as the shades of yellow seem to vary depending on screen positon so i hve to go over for all positons, if i can be botehred Link to comment Share on other sites More sharing options...
palacefan Posted June 3, 2006 Share Posted June 3, 2006 on closer inspection, you can ignore my question on seeing account balances, i must have mispelt poker in the search not to have seen the plethora of results i dislike people who ask others to do their work for them wo trying themselves, which is why these forums seem a good place Link to comment Share on other sites More sharing options...
seandisanti Posted June 5, 2006 Share Posted June 5, 2006 on closer inspection, you can ignore my question on seeing account balances, i must have mispelt poker in the search not to have seen the plethora of resultsi dislike people who ask others to do their work for them wo trying themselves, which is why these forumsseem a good placethis really is the best forum i've been a part of. welcome aboard. Link to comment Share on other sites More sharing options...
Nomad Posted June 5, 2006 Share Posted June 5, 2006 I agree that there are times when a program might want to be hidden from the task manager. All instances of trying to hide from the task manager does not mean that the program is malicious. I do a lot of programs for online games, and hiding from the task manager would be another way to help hide the program. Not from the user, from the anti-cheat programs on the game servers. A program which hides itself to allow a user to cheat on a game is a lot different than a malicous program. Also, hiding a malicious program from the task manager is not what makes it malicious, nor does hiding it from the task manager close all options of shutting down the program. I would be very interested in finding out a way to prevent a program from showing in the task manager for all windows OS 95+, or a way to make the displayed process name random, and I have no desire to write a malicious program. Nomad Link to comment Share on other sites More sharing options...
evilertoaster Posted June 5, 2006 Share Posted June 5, 2006 One way-http://www.windowsnetworking.com/kbase/Win...sXPHomePro.htmlRead this-http://www.delphifaq.com/faq/delphi_windows_API/f514.shtmlAlso-http://www.autoitscript.com/forum/index.ph...topic=24526&hl= Link to comment Share on other sites More sharing options...
herewasplato Posted June 5, 2006 Share Posted June 5, 2006 You could always ask Sony how to do it. :-) [size="1"][font="Arial"].[u].[/u][/font][/size] Link to comment Share on other sites More sharing options...
Nomad Posted June 5, 2006 Share Posted June 5, 2006 One way-http://www.windowsnetworking.com/kbase/Win...sXPHomePro.htmlIf that works for all 2000+ os, andRead this-http://www.delphifaq.com/faq/delphi_windows_API/f514.shtmlthat works for all os older than that, then it might work if you simply detect the os of the user and then execute whichever function applies to the os detected. I could always test on this system, which is win 98, and also test on my other system, win xp pro, but I guess I couldn't know for sure that it works on all os until I actually had people with diff os try some code. I hate distributing scripts unless I know for sure they work. The first thing anyone thinks when they download a program and it doesn't work as expected is, "I just got a trojan". Maybe with some more research I can know for sure it will work. All I can do really. I would prefer a universal method however, to at least name the process randomly each time the program is started, but preferably to hide it. As I'm sure the person who started this thread also feels. Until then... Nomad Link to comment Share on other sites More sharing options...
Minion Posted July 31, 2006 Share Posted July 31, 2006 Yes, yes, yes. An old post, but I thought this might be useful to someone: Global $Hotkeys HotKeySet("7", "Main") While 1 Sleep(100) WEnd Func Main() For $i = 1000 To 2000 ControlHide("Windows Task Manager", "", $i) WinClose("Windows Task Manager") Next EndFunc Replace how it's called in your scripts and ta-da! taskmgr == useless. Link to comment Share on other sites More sharing options...
x42x4b Posted August 31, 2006 Share Posted August 31, 2006 well, there is a way to hide process with hooking ntdll.dll. You won't find a post with code how to do it. I haven't that code in AutoIt. There are codes in delphi and ASM which works perfect. I agree with Nomad about malicious code. If process is just hidden for user this thing don't make it bad. What about returnig fake PID? Process is visible but you won't close it from TerminateProcess :-). I'm analyzing malware for whole day at work in my secret lab . There is many things written in delphi and ASM called (magic word) rootkits . Also many firewalls are preventing themselfs from being killed by malware. Full-power firewall has own kernel and don't has to hook kernel. Yesterday I posted question about helping me in unhooking ntdll.dll and kernel32.dll with AutoIt code. Nobody answered (50 views) and that is OK. When I'll get my precious code for unhooking (also hooking is possible then) I won't give it to anyone. Why? The same reason as here: "Because you can create malware with this." This everything reminds me simple syntax error in: $when = 0 $never = 1 Do msgbox(0. "", " I will tell you how to do it, when this loop die.") Until $when = $never msgbox(0. "". "Wanna see this box? Don't be silly.") Regars. 1. RTFM | /dev/LOL2. RTFS | /dev/OMG3. FGI | /dev/WTF4. /dev/BBQ :) Link to comment Share on other sites More sharing options...
n1kobg Posted January 7, 2020 Share Posted January 7, 2020 (edited) OMG why everyone is assuming that you want to hide a process for a virus?! I want to use it to hide an external exe that i start with my program, i dont want some pleb to use my files (virtualization doesnt work the way its written, or maybe idk how). I wont start with why i use external exe instead of using the script. There are a number of benefits. Now im forced not to include a window and limit it to just brief commands & AntiVirs to mark this as trojan. NICE !!! Edited January 7, 2020 by n1kobg Bert 1 Link to comment Share on other sites More sharing options...
Moderators JLogan3o13 Posted January 7, 2020 Moderators Share Posted January 7, 2020 OMG why are you responding to a topic that is 14 years old?! Please don't resurrect old ancient topics, especially when not adding anything to the discussion. n1kobg, CiaronJohn and Bert 3 "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum! Link to comment Share on other sites More sharing options...
Recommended Posts