Hide AutoIT from TaskManager or other Options

10/11/2009 14:22 namedrisk#1
Hi,

Does anyone have code to hide AutoIt from Task Manager, or any other options to make it not detectable?
10/11/2009 15:08 bassbanane#2
What you're looking for is a rootkit. You either have to code one by yourself.. or you have to find one that's not detected by AV. I got one, but that's already detected ;-)
10/11/2009 17:04 AllesVergeben#3
Write

OPT("trayiconhide", 1)

Then the icon on your taskbar is gone.

You also can rename the script to svchos.exe to hide it.


But non-detectable is not possible, I think.
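
Seen from the detection side, the rename suggested in the post above leaves a trace: a near-miss of a system binary name, or the exact name running from the wrong directory. The Python below is an added example, not part of the thread; the binary list, the System32 path and the sample process list are constructed assumptions.

```python
# Added example: flag process names that imitate Windows system binaries.
import ntpath

# Assumption: a short list of system binaries and the directory they normally run from.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def flag_masquerades(processes, max_distance=1):
    """Return (pid, image_path, reason) for each suspicious process."""
    findings = []
    for pid, image_path in processes:
        directory, name = ntpath.split(image_path.lower())
        if name in SYSTEM_BINARIES:
            # Exact system name: only the expected directory is acceptable.
            if directory != SYSTEM_DIR:
                findings.append((pid, image_path, "system name outside System32"))
            continue
        for real in sorted(SYSTEM_BINARIES):
            if edit_distance(name, real) <= max_distance:
                findings.append((pid, image_path, "lookalike of " + real))
                break
    return findings


# Constructed sample process list (pid, image path); not captured from a real host.
SAMPLE = [
    (612, r"C:\Windows\System32\svchost.exe"),
    (4120, r"C:\Users\bob\Desktop\svchos.exe"),
    (4388, r"C:\Users\bob\AppData\Local\Temp\svchost.exe"),
    (5012, r"C:\Windows\System32\calc.exe"),
]

if __name__ == "__main__":
    for finding in flag_masquerades(SAMPLE):
        print(finding)
```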
10/11/2009 22:31 TheOwnWay#4
Rootkit.
10/11/2009 23:43 namedrisk#5
Well, what I want is to hide the process from AION. From what I saw, AION has a system to verify each running process. I guess my best bet with AutoIt would be a program that renames itself upon execution...

There is no problem with icons being shown on the window being on top as long as it is not listed on the task manager or they cannot see it.

SOLUTION has to be within AUTOIT and no 3rd party stuff :P
10/14/2009 09:46 bassbanane#6
Does AION detect AutoIT? Well if you don't wanna use 3rd party stuff^^ it's impossible... Kernel Stuff with AutoIT is impossible i think ;)
10/16/2009 19:35 namedrisk#7
No, it does not detect, because at this very moment there is no GameGuard or nProtect or xTrap OR WHATEVER there is...

i see... well autoit can load dll and work with them... but still not sure what can be done with kernel.dll + autoit.
10/16/2009 19:50 buFFy!#8
there's a dll, HideNtProcess.dll, maybe that's what you've been searching for.

Edit: Kernel stuff is not impossible..

Code:
; Register the two AutoIt functions as callbacks so native code can call them
$Handle1 = DllCallbackRegister("ThreadTest1", "int", "ptr")
$Handle2 = DllCallbackRegister("ThreadTest2", "int", "ptr")

; Start a native thread at the callback's address, passing a pointer to $struct
Func CreateThread($Handle, $struct)
	$return = DllCall("kernel32.dll", "handle", "CreateThread", "ptr", 0, "ulong_ptr", 0, "ptr", DllCallbackGetPtr($Handle), "ptr", DllStructGetPtr($struct), "dword", 0, "dword*", 0)
	If @error Then Return 0
	Return $return[0]
EndFunc   ;==>CreateThread

$Struct1 = DllStructCreate("Char[200];int")
DllStructSetData($Struct1, 1, 10)
CreateThread($Handle1, $Struct1)

$Struct2 = DllStructCreate("Char[200];int")
DllStructSetData($Struct2, 1, 10)
CreateThread($Handle2, $Struct2)

MsgBox(0x40, "Thread 1", "Default Thread")

; Thread entry points: $x is the struct pointer passed to CreateThread
Func ThreadTest1($x)
	$y = DllStructCreate("char[200];int", $x)
	MsgBox(0x40, "Thread 2", "Added Thread #1")
EndFunc   ;==>ThreadTest1

Func ThreadTest2($x)
	$y = DllStructCreate("char[200];int", $x)
	MsgBox(0x40, "Thread 3", "Added Thread #2")
EndFunc   ;==>ThreadTest2
10/16/2009 21:51 bassbanane#9
Yeah i know Kernel stuff isn't impossible with AutoIT. But i wouldn't code a rootkit with AutoIT. It's just not that handy like for example C++
10/17/2009 08:26 buFFy!#10
Well, AutoIT isn't made for such complicated things. Remember for what it's done.
The only way you can use AutoIt sense is, calling functions from DLLs ;)
10/24/2009 03:16 namedrisk#11
Thanks for the share man, I will dig on it.
01/07/2014 20:29 Madara-Uchiha#12
sry for gravedig but if you are still interested, here is a very quick and crappy solution by removing the process-item from taskmanager.
Tested on XP, Vista, 7 (32 and 64 Bit)

Code:
Global $dll = dllopen("user32.dll")
Func ProcessHide()
    Opt("WinTitleMatchMode", 4)
    $TaskManTitle = "[CLASS:#32770]"
    Dim $ProcName1 = "calc.exe"
    While 1
        $FindIndex = ControlListView($TaskManTitle, "", 1009, "FindItem", $ProcName1)
        If $FindIndex <> -1 Then
            $hwnd = ControlGetHandle($TaskManTitle, "", 1009)
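            MsgBox(0, '', $hwnd) ; debug output: shows the list-view handle
            ; 0x1008 = LVM_DELETEITEM: removes only the row from Task Manager's list view; the process itself keeps running
            DllCall($dll, "int", "SendMessage", "hwnd", $hwnd, "int", 0x1008, "int", $FindIndex, "int", 0)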
        EndIf
        Sleep(10)
    WEnd
EndFunc
ProcessHide()
01/08/2014 14:14 Lawliet#13
#closed