Sub_Zero

Hiding process from ctrl-alt-del <asm>


Hiding a process from the ctrl-alt-del box in asm, just a simple example.

Credit to CybOrgAsm

.386

.model flat, stdcall

include windows.inc

include user32.inc

include kernel32.inc

includelib user32.lib

includelib kernel32.lib

.data

; Texts for the two message boxes the program shows, and their shared caption.
mens1       BYTE    'This process was hidden of control+alt+del box!', 0
mens2       BYTE    'Now, you can see it...', 0
mcaption    BYTE    'Program: Hidden Process... by CybOrgAsm, POA - Brasil', 0

; Module and export names passed to GetModuleHandle / GetProcAddress, so the
; API is resolved by name at run time instead of through an import library.
kernel32    BYTE    'kernel32.dll', 0
func        BYTE    'RegisterServiceProcess', 0     ; the original post calls this export undocumented

.data?

; Holds the function address returned by GetProcAddress. The name abbreviates
; RegisterServiceProcess; this is a .386 program, so it is a plain variable,
; not the x86-64 stack-pointer register.
RSP         DWORD   ?

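.code

;-----------------------------------------------------------------------
; start - program entry point (MASM, 32-bit flat model, stdcall)
;
; Resolves RegisterServiceProcess in kernel32.dll by name, calls it with
; (process id 0, type 1) to register the current process as a service
; process, shows a message box, then calls it again with type 0 to undo
; the registration and shows a second message box.
;
; Scope, for anyone assessing this technique:
;   * RegisterServiceProcess is a Windows 95/98/Me export. On NT-based
;     Windows the GetProcAddress lookup fails and the program exits
;     through `sair` without doing anything.
;   * The registration only removes the process from the Close Program
;     (Ctrl+Alt+Del) list. Process enumeration through the Toolhelp32
;     API still reports it, so a process viewer built on that API is
;     not fooled.
;   * A by-name lookup of 'RegisterServiceProcess' in a program that is
;     not a genuine background service is a simple static indicator.
;
; Every failure path exits silently through `sair`.
;-----------------------------------------------------------------------
start:
        ; kernel32.dll is already mapped because this program imports
        ; ExitProcess from it; a program with no kernel32 imports would
        ; need LoadLibrary instead.
        invoke  GetModuleHandle, ADDR kernel32
        test    eax, eax                        ; NULL = module not loaded
        jz      sair

        invoke  GetProcAddress, eax, ADDR func
        test    eax, eax                        ; NULL = export missing (e.g. NT-based Windows)
        jz      sair
        mov     [RSP], eax                      ; keep the address for both calls

        ; RegisterServiceProcess(0, 1): stdcall, arguments pushed right to
        ; left, callee removes them from the stack.
        push    1                               ; type 1 = register as service process
        push    0                               ; process id 0 = the calling process
        call    dword ptr [RSP]
        test    eax, eax                        ; 0 = call failed; do not claim the process is hidden
        jz      sair

        invoke  MessageBox, NULL, ADDR mens1, ADDR mcaption, MB_OK

        ; There is no separate "unregister" export; the same function with
        ; type 0 reverses the registration.
        push    0                               ; type 0 = unregister
        push    0                               ; process id 0 = the calling process
        call    dword ptr [RSP]
        test    eax, eax                        ; 0 = call failed; do not claim the process is visible again
        jz      sair

        invoke  MessageBox, NULL, ADDR mens2, ADDR mcaption, MB_OK

sair:
        invoke  ExitProcess, 0

end start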
