c - how can I hide a device driver from the service controller? -


i writing game hack , want run cheat engine while game running, anti hack detects both user mode , kernel mode components , terminates game. wrote device driver hook zwquerysysteminformation hide process. hide device driver since still detected.i know dkom id prefer use ssdt hook, know api should hook filter list of services/drivers?

you can follow article beginning start , use supplied code , customize fit own needs: http://www.codeproject.com/articles/46670/service-hiding

word of advice, if don't know doing, best not play such stuff.

on side note, tend on complicate architecture , compilation process expect hiccups not going straightforward solution. but, should address , solves question , needs.

edit:

you need hook services api responsible showing services running on computer. example "services.exe" data structure(s) need modifiy/alter hide driver. in specific service_record structure , following members needs modified well: prev, next , servicename. once have found such structure inside services.exe basic algorithm 101. drop required driver want hide doubly-linked list. following image courtesy of article mentioned before.

enter image description here

this basic or general rule behind hiding service.


Comments

Post a Comment

Popular posts from this blog

basic authentication with http post params android -

i doing basic authentication passing username , password , using basicnamevaluepair sending post params response service. my method: public stringbuilder callservicehttppost(string username, string password, string type) { // create new httpclient , post header httpclient httpclient = new defaulthttpclient(); httppost httppost = new httppost(webservice + type); httpresponse response = null; stringbuilder total = new stringbuilder(); try { url url = new url(webservice + type); /*string base64encodedcredentials = base64.encodetostring((username + ":" + password).getbytes(), base64.url_safe | base64.no_wrap);*/ string base64encodedcredentials = "basic " + base64.encodetostring( (username + ":" + password).getbytes(), base64.no_wrap); httppost.setheader("auth...
Read more

vb.net - Virtual Keyboard commands -

i wondering difference between virtual these keyboard commands is: keyeventf_extendedkey , keyeventf_keyup is. everywhere have looked gives me description based off integers , not want know each of them does. you've tagged question vb.net, these have nothing @ vb.net. they're constants defined in windows header files, use win32 api functions. as far difference, can't tell looking @ values. individual values not particularly important, that's why named identifiers used. what's important used , documentation functions tells mean. the first one, keyeventf_extendedkey , used keybdinput structure (which used along e.g. sendinput function) pass information synthesized keyboard input. if flag used, means scan code should interpreted extended key. technically, means scan code preceded prefix byte value 224 (&he0 in hexadecimal notation). the second one, keyeventf_keyup , 1 of flags available use structure. means key being released (going up)...
Read more

How to get multiresult with multicondition in Sql Server -

i need solve this. hopefully can giving me advices. for sample, i've got data : proclib.march 1 first 10 rows flight date depart orig dest miles boarded capacity ----------------------------------------------------------------- 114 01mar94 7:10 lga lax 2475 172 210 202 01mar94 10:43 lga ord 740 151 210 219 01mar94 9:31 lga lon 3442 198 250 622 01mar94 12:19 lga fra 3857 207 250 132 01mar94 15:35 lga yyz 366 115 178 271 01mar94 13:17 lga par 3635 138 250 302 01mar94 20:22 lga 229 105 180 114 02mar94 7:10 lga lax 2475 119 210 202 02mar94 10:43 lga ord 740 120 210 219 02mar94 9:31 lga lon 344...
Read more