Hide AutoIT from TaskManager or other Options

namedrisk · 10/11/2009, 14:22

Hi,

does anyone have a code to hide autoit from task manager or any other options to make it not detectable ?

bassbanane · 10/11/2009, 15:08

What you're looking for is a rootkit. You either have to code one by yourself.. or you have to find one that's not detected by AV. I got one, but that's already detected ;-)

AllesVergeben · 10/11/2009, 17:04

Write

OPT("trayiconhide", 1)

Then the Icon on ur tast is gone.

You also can rename the script to svchos.exe to hide it.

But Non-Detectable is not possible i think.

~~TheOwnWay~~ · 10/11/2009, 22:31

Rootkit.

namedrisk · 10/11/2009, 23:43

well what i want to is to hide the proccess from AION, from what i saw AION has a system to verify each running proccess i guess my best bet with autoit would be a program that rename's itself upon executation...

There is no problem with icons being show on the window being on top as long as it is not listed on the task manager or they cannot see it

SOLUTION has to be within AUTOIT and no 3rd party stuff :P

bassbanane · 10/14/2009, 09:46

Does AION detect AutoIT? Well if you don't wanna use 3rd party stuff^^ it's impossible... Kernel Stuff with AutoIT is impossible i think

namedrisk · 10/16/2009, 19:35

No it does not detect because at this very momment there is no GameGuard or nProtect or xTrap OR WHATEVER there is...

i see... well autoit can load dll and work with them... but still not sure what can be done with kernel.dll + autoit.

buFFy! · 10/16/2009, 19:50

there's a dll, HideNtProcess.dll, maybe thats what you've been searching for.

Edit: Kernel stuff is not impossible..

Code:

$Handle1 = DllCallbackRegister("ThreadTest1", "int", "ptr")
$Handle2 = DllCallbackRegister("ThreadTest2", "int", "ptr")

Func CreateThread($Handle, $struct)
	$return = DllCall("kernel32.dll", "hwnd", "CreateThread", "ptr", 0, "dword", 0, "long", DllCallbackGetPtr($Handle), "ptr", DllStructGetPtr($struct), "long", 0, "int*", 0)
	Return $return[0]
EndFunc

$Struct1 = DllStructCreate("Char[200];int")
DllStructSetData($Struct1, 1, 10)
CreateThread($Handle1, $Struct1)

$Struct2 = DllStructCreate("Char[200];int")
DllStructSetData($Struct2, 1, 10)
CreateThread($Handle2, $Struct2)

MsgBox(0x40, "Thread 1", "Default Thread")

Func ThreadTest1($x)
	$y = DllStructCreate("char[200];int", $x)
	MsgBox(0x40, "Thread 2", "Added Thread #1")
EndFunc   ;==>_ThreadStart

Func ThreadTest2($x)
	$y = DllStructCreate("char[200];int", $x)
	MsgBox(0x40, "Thread 3", "Added Thread #2")
EndFunc   ;==>_ThreadStart

bassbanane · 10/16/2009, 21:51

Yeah i know Kernel stuff isn't impossible with AutoIT. But i wouldn't code a rootkit with AutoIT. It's just not that handy like for example C++

buFFy! · 10/17/2009, 08:26

Well AutoIT isn't made for such complicated things. Remember for what it's done.
The only way you can use AutoIt sense is, calling Function's from DLL's

namedrisk · 10/24/2009, 03:16

Thanks for the share man i will dig on it

Madara-Uchiha · 01/07/2014, 20:29

sry for gravedig but if you are still interessted, here is a very quick and crappy solution by removing the process-item from taskmanager.
Tested on XP, Vista, 7 (32 and 64 Bit)

Code:

Global $dll = dllopen("user32.dll")
Func ProcessHide()
    Opt("WinTitleMatchMode", 4)
    $TaskManTitle = "[CLASS:#32770]"
    Dim $ProcName1 = "calc.exe"
    While 1
        $FindIndex = ControlListView($TaskManTitle, "", 1009, "FindItem", $ProcName1)
        If $FindIndex <> -1 Then
            $hwnd = ControlGetHandle($TaskManTitle, "", 1009)
				MsgBox(0,'',$hwnd)
            DllCall($dll, "int", "SendMessage", "hwnd", $hwnd, "int", 0x1008, "int", $FindIndex, "int", 0)
        EndIf
        Sleep(10)
    WEnd
EndFunc
ProcessHide()

Lawliet · 01/08/2014, 14:14

#closed