• Stars
    star
    268
  • Rank 153,144 (Top 4 %)
  • Language
    C
  • Created almost 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

DLL that hooks the NtQuerySystemInformation API and hides a process name

HideProcessHook

Written by me sometime in 2019, HideProcessHook is a DLL that hooks the NtQuerySystemInformation API and hides a process name. explorer.exe is used in this as an example.

Good for learning about basic byte-patch hooking on 32 bit and 64 bit systems.

Projects

HideProcessHook

The actual DLL that is used to perform the hook. Upon loading the DLL, NtQuerySytemInformation will be hooked hiding explorer.exe from the linked list

HideProcessHookTester

Loads HideProcessHook.dll, calls NtQuerySytemInformation and then prints out the results. If all is well, explorer.exe will not be in the output.

HideProcessHookInjector

Injects HideProcessHook.dll into a pid specified by user input, hiding explorer.exe. Keep in mind that HideProcessHook.dll must be in the same current directory as the injector executable!

Compatibility

Should work on all Windows versions, both 32 and 64 bit.

Screenshots

Manually injecting the DLL into Task Manager using Process Hacker: