
Process explorer sysinternals

This topic is pretty big on its own and worth reading about if you're interested. This isn't really "hiding a process", it's more like starting a new thread in an existing process, but I thought I would mention it because it's related. This is like rootkit-level stuff and requires a lot of access.

Change the Process32Next to skip over the hidden process entirely when enum process is called (analysts usually find processes hidden with this method using tools like Volatility, but there are a ton of strategies).

Replace enum process and tell it not to return a process with a certain name/PID/path etc.

Just follow this format to directly launch one of the utilities through the Run box: for instance, to launch Process Explorer, the executable name is procexp.exe, so you can use \\\tools\procexp.exe to launch Process Explorer, or change procexp.exe to procmon.exe to launch Process Monitor instead.

You should also read this; it talks a little bit about hiding processes based on user SID:

At a high level, there are several ways to accomplish process hiding:

This is usually done in the context of malware (and for that reason, if you trust your executable it probably doesn't apply to you), but here is a link with some decent introductory reading. To your question about hiding processes from Get-Process, it is absolutely possible and common.
