Exetools  

Go Back   Exetools > General > x64 OS
Reload this Page Hiding a process
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 03-03-2013, 06:40
securedsolutions
 
Posts: n/a
Hiding a process
Is there a reliable way to hide a process in x64 without having to reboot, or to switch off Patch Guard?
Reply With Quote
  #2  
Old 03-03-2013, 12:42
uel888 uel888 is offline
Friend
  
Join Date: May 2011
Posts: 44
Rept. Given: 171
Rept. Rcvd 5 Times in 3 Posts
Thanks Given: 245
Thanks Rcvd at 10 Times in 8 Posts
uel888 Reputation: 5
http://forum.exetools.com/showthread.php?t=12838
Reply With Quote
  #3  
Old 03-04-2013, 02:22
securedsolutions
 
Posts: n/a
Problem
Quote:
Originally Posted by uel888 View Post
http://forum.exetools.com/showthread.php?t=12838
This article requires disabling PG first.
Reply With Quote
  #4  
Old 08-15-2013, 09:02
athapa athapa is offline
Friend
  
Join Date: Jul 2013
Posts: 24
Rept. Given: 4
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 6
Thanks Rcvd at 4 Times in 3 Posts
athapa Reputation: 1
Seems like easyhook works with 64bit! That may help.

https://easyhook.codeplex.com/
Reply With Quote
  #5  
Old 08-25-2013, 11:13
Fyyre's Avatar
Fyyre Fyyre is offline
Fyyre
  
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 295
Rept. Given: 106
Rept. Rcvd 93 Times in 44 Posts
Thanks Given: 203
Thanks Rcvd at 397 Times in 130 Posts
Fyyre Reputation: 93
Quote:
Originally Posted by securedsolutions View Post
Is there a reliable way to hide a process in x64 without having to reboot, or to switch off Patch Guard?
No, there is not.

I would suggest moving away from kernel mode all together, and focus on usermode to accomplish what you need done.
__________________
Pax in vultu, bellum in corde.

--

https://github.com/Fyyre
Reply With Quote
  #6  
Old 08-29-2013, 17:59
deroko's Avatar
deroko deroko is offline
cr4zyserb
  
Join Date: Nov 2005
Posts: 217
Rept. Given: 13
Rept. Rcvd 30 Times in 14 Posts
Thanks Given: 7
Thanks Rcvd at 33 Times in 16 Posts
deroko Reputation: 30
Well, just remove process from ActiveProcessLink, of course, if you have signed driver.
__________________
http://accessroot.com
Reply With Quote
The Following User Gave Reputation+1 to deroko For This Useful Post:
Reply

Tags
process hiding, x64

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Process hiding with SSDT modification in x64 Win7 31337guru x64 OS 3 05-03-2012 18:16
ASPR 2.xx OEP hiding bug KaGra General Discussion 1 08-27-2005 19:52
hiding stuff SLIM SLIM General Discussion 4 01-26-2003 21:04


All times are GMT +8. The time now is 05:57.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )