Sub_Zero Posted October 10, 2006

Hiding ctrl-alt-del in asm

just a simple example.. Credit to CybOrgAsm

    .386
    .model flat, stdcall

    include windows.inc
    include user32.inc
    include kernel32.inc
    includelib user32.lib
    includelib kernel32.lib

    .data
    mens1    db 'This process was hidden of control+alt+del box!', 0
    mens2    db 'Now, you can see it...', 0
    mcaption db 'Program: Hidden Process... by CybOrgAsm, POA - Brasil', 0
    kernel32 db 'kernel32.dll', 0
    func     db 'RegisterServiceProcess', 0   ; undocumented.

    .data?
    RSP dd ?

    .code
    start:
        invoke GetModuleHandle, ADDR kernel32    ; get module handle of kernel32.dll
        or eax, eax                              ; you must LoadLibrary if your program
        jz sair                                  ; doesn't call any function in kernel32.dll
        invoke GetProcAddress, eax, ADDR func    ; we must get the address
                                                 ; of undocumented function
        or eax, eax
        jz sair
        mov [RSP], eax                           ; save the address

        push 1                                   ; hide
        push 0                                   ; 0 = this process
        call RSP                                 ; call it
        invoke MessageBox, NULL, ADDR mens1, ADDR mcaption, MB_OK

        push 0                                   ; well.. we don't have a function called
                                                 ; "UnRegisterServiceProcess" BUT...
                                                 ; if you put a 0, you will "unhide" it :)
        push 0                                   ; this process. (but what about unhide others?)
        call RSP                                 ; call it
        invoke MessageBox, NULL, ADDR mens2, ADDR mcaption, MB_OK

    sair:
        invoke ExitProcess, 0                    ; cya!
    end start

hanibal Posted October 10, 2006

interesting, thx