Description: A powerful program written with the Win32 API; it can do almost anything.
1. Edit and modify the windows, menus, toolbars and other controls (buttons, edit boxes, combo boxes, etc.) of any running program.
2. For a window/control of a running program, you can:
- Enable/Disable, Show/Hide or destroy it (with a custom return value);
- change its icon, password character, font, background color, position, size and title;
3. Edit a window's menu and toolbar (enable/disable, destroy, get and set their IDs, etc.);
4. List all running processes, threads, modules (DLLs) and windows, and kill processes.
5. Use the module viewer to load and unload libraries (DLLs), and to register and unregister ocx/dll files.
6. Messages such as WM_COMMAND can be sent to a window.
7. Any window can be copied as a bitmap image, and the image sent to the clipboard.
8. Disable Task Manager.
9. View all files opened by each window, and thereby monitor file activity on the system.
Platform: |
Size: 190934 |
Author:郑波 |
Hits:
Description: Although I do not know how icesword enumerates services, I estimate that in the end it also detects them by traversing the SCM's internal ServiceRecordList.
Why? See below.
After the InjectDLL.exe in the attachment is used to inject hideservice.dll into the Services.exe process, the Alerter service is hidden, and icesword can no longer detect the Alerter service either.
The principle of the code is simple: find the ServiceRecordList table in the Services.exe process and unlink the service to be hidden from the linked list.
Since icesword cannot detect it either, this shows that icesword ultimately also detects services by traversing the SCM's internal ServiceRecordList. Platform: |
Size: 19964 |
Author:79282853 |
Hits:
Description: A powerful program written with the Win32 API; it can do almost anything.
1. Edit and modify the windows, menus, toolbars and other controls (buttons, edit boxes, combo boxes, etc.) of any running program.
2. For a window/control of a running program, you can:
- Enable/Disable, Show/Hide or destroy it (with a custom return value);
- change its icon, password character, font, background color, position, size and title;
3. Edit a window's menu and toolbar (enable/disable, destroy, get and set their IDs, etc.);
4. List all running processes, threads, modules (DLLs) and windows, and kill processes.
5. Use the module viewer to load and unload libraries (DLLs), and to register and unregister ocx/dll files.
6. Messages such as WM_COMMAND can be sent to a window.
7. Any window can be copied as a bitmap image, and the image sent to the clipboard.
8. Disable Task Manager.
9. View all files opened by each window, and thereby monitor file activity on the system.
Platform: |
Size: 190464 |
Author:郑波 |
Hits:
Description: Simple source code that hides a process by means of remote thread injection. One DLL module and one loader module. Can be used as a template. Very convenient. Platform: |
Size: 246784 |
Author:车军 |
Hits:
Description: A DLL for use under VS2005 that can hide a process, i.e. the process is not visible in the process list. Platform: |
Size: 13312 |
Author:任静 |
Hits:
Description: Source code for hiding an arbitrary process, VC++. Usage: HideProcess [ PName | PID ]. Drops a DLL, injects it into the process to be hidden, and modifies the system process chain. Platform: |
Size: 62464 |
Author:DNA |
Hits:
Description: This is source code that can hide a process. No other malicious code; it only hides the process. Platform: |
Size: 91136 |
Author:张龙 |
Hits:
Description: Although I do not know how icesword enumerates services, I estimate that in the end it also detects them by traversing the SCM's internal ServiceRecordList. Why? See below. After the InjectDLL.exe in the attachment is used to inject hideservice.dll into the Services.exe process, the Alerter service is hidden, and icesword can no longer detect the Alerter service either. The principle of the code is simple: find the ServiceRecordList table in the Services.exe process and unlink the service to be hidden from the linked list. Since icesword cannot detect it either, this shows that icesword ultimately also detects services by traversing the SCM's internal ServiceRecordList. Platform: |
Size: 2048 |
Author:fisher |
Hits:
Description: DLL process injection: a simple way to hide a process by running code in a DLL. The simplest way to hide a process is to have no process. Basically, what you need to do is place your meaningful code in a DLL, inject that DLL into an inconspicuous process (like Explorer.exe) and run your code. This can be fairly easily achieved with the CreateRemoteThread() API function. I have created a sample application DLL that demonstrates this approach. Platform: |
Size: 9216 |
Author:miller |
Hits:
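Description: The program continuously monitors for the processes "mxmain.dll" (the 梦想世界 game process) and "game.exe" (the Red Alert process). When it finds the two programs running, it immediately terminates them, so that the computer cannot be used as a gaming machine.
The program also implements a hidden-window feature; it hides its window on startup. Platform: |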
Size: 1989632 |
Author:zhao ls |
Hits:
Description: These are two functions that can be used to hide your just-loaded DLL from the process PEB. Use one or the other. Platform: |
Size: 102400 |
Author:tornado |
Hits:
Description: Hides your own process by injecting into another process. In other words, what you want to do is hosted parasitically inside someone else's process, such as IE. There are many injection methods; below I give you one DLL injection method. This is code I used when writing a certain game cheat; use it for reference. Platform: |
Size: 2048 |
Author:JH |
Hits:
Description: This introduces a new approach to hiding a process. It still exists in the form of a DLL (and likewise needs to be loaded by another executable), and it also has the property of opening no port: it uses a new feature of Windows Socket 2, the Service Provider Interface (SPI). Platform: |
Size: 174080 |
Author:李志勇 |
Hits:
Description: IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debuggee as soon as the debugger attaches to the process. The injected dll actually implements most of the stealth techniques either by hooking system calls or by patching some flags in the remote process.
Platform: |
Size: 820224 |
Author:louis |
Hits:
Description: Uses code injection, rather than DLL injection, to hide a process.
No advanced technique here, purely grunt work. I won't go into the principle; it simply implements the API hook without going through DLL injection,
by injecting code only. There is also a code injection example on 邪恶二进制, but it uses an undocumented function that I still cannot understand.
I originally wanted to write it in assembly, but found that injecting code in assembly is far more cumbersome than in C, so I implemented it in C.
The main function is hiding a process, although a ring-3 approach does not seem to be of much use; it is just practice. Platform: |
Size: 4096 |
Author:张做像 |
Hits:
Description: API process hiding. It works on all Windows versions; you only need a good injector to test it. The source is here, and the DLL file too. Platform: |
Size: 548864 |
Author:juangenius |
Hits: