Re: Using the DDK.
- From: "L. Spiro" <LSpiro@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 13 Jun 2005 10:51:08 -0700
I told you what I am “really” trying to do.
I have read up on protections that certain software use to hide themselves
from process enumeration.
They are able to access the PEPROCESS structure and change the linked-list
pointers to omit themselves, so when the list is enumerated, they do not
appear, even to debuggers.
My current project may not REQUIRE this type of protection, since it is just
my own toy, and no one is going to try to hack it (probably), but that isn’t
the point.
I have an interest in software security and I wish to attempt this method of
hiding my process, specifically so I know I can do it.
I know the PEPROCESS is not documented and changes often, which is why I am
going to have an external file the driver can read which will give it the
offsets of the things it needs to change, so with new versions of Windows®
(or service packs), the user will be able to update this information and not
worry about it crashing.
It is really very simple, and I only need use of this one function, or
possibly others if there turns out to be a need for them.
But how do I make a driver then, if a regular .dll will not cut it?
L. Spiro