Invisible Processes

invisible processes why

Invisible Processes - Why?

How come it's still possible for programs to hide their processes?
Download the free game Maple Story (www.mapleglobal.com) and check out it's GameGuard "Hack Prevention System" for an example

Because some programs are built this way.
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message

How come it's still possible for programs to hide their processes?
Download the free game Maple Story (www.mapleglobal.com) and check out it's GameGuard "Hack Prevention System" for an example

I tend to disagree there, programs can hide their processes but only because the OS is built to allow them to hide from Task Manager.
I wouldn't like to hazard whether that's a good or a bad thing, from a security point of view probably bad but it might well have some legitimate uses.
Plenty of 3rd party utilities that can show hidden processes though.
Peter Lawton
"Zack Whittaker (R2 Mentor)" wrote in message

Because some programs are built this way.
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message How come it's still possible for programs to hide their processes?
Download the free game Maple Story (www.mapleglobal.com) and check out it's GameGuard "Hack Prevention System" for an example

Peter Lawton wrote:

I tend to disagree there, programs can hide their processes but only because the OS is built to allow them to hide from Task Manager.
I wouldn't like to hazard whether that's a good or a bad thing, from a security point of view probably bad but it might well have some legitimate uses.
Plenty of 3rd party utilities that can show hidden processes though.
Peter Lawton
"Zack Whittaker (R2 Mentor)" wrote in message Because some programs are built this way.
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message How come it's still possible for programs to hide their processes?
Download the free game Maple Story (www.mapleglobal.com) and check out it's GameGuard "Hack Prevention System" for an example

Vista enables rootkits?!?

-- capitan

Uh huh.
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "capitan" wrote in message

Peter Lawton wrote: I tend to disagree there, programs can hide their processes but only because the OS is built to allow them to hide from Task Manager.
I wouldn't like to hazard whether that's a good or a bad thing, from a security point of view probably bad but it might well have some legitimate uses.
Plenty of 3rd party utilities that can show hidden processes though.
Peter Lawton
"Zack Whittaker (R2 Mentor)" wrote in message Because some programs are built this way.
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message How come it's still possible for programs to hide their processes?
Download the free game Maple Story (www.mapleglobal.com) and check out it's GameGuard "Hack Prevention System" for an example

Vista enables rootkits?!?
-- capitan

Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message > Uh huh.

Why would you say that? I gave an answer didn't I?
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message

Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

I guess he didn't understand what Uh huh.ment. I really want to thank both you and Andrea De Costa. I am sure there are others, but you two really stand out in this forum. Thank you for all of your support.
"Zack Whittaker (R2 Mentor)" wrote in message

Why would you say that? I gave an answer didn't I?
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

Wow :o) Thanks very much :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Jason" wrote in message

I guess he didn't understand what Uh huh.ment. I really want to thank both you and Andrea De Costa. I am sure there are others, but you two really stand out in this forum. Thank you for all of your support.
"Zack Whittaker (R2 Mentor)" wrote in message Why would you say that? I gave an answer didn't I?
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

Adahn wrote:

Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

I don't know if you are the only one, I can only say I do not agree. I find Zack to refreshingly open and honest in all responses about the good as well as the bad of Vista. Zack, thanks for your continuing objectivity of your posts and thanks for the answer to my question. Adahn, I feel the same about your posts here, they are very objective. Thank you also.
-- capitan

Thank you very much, Zack and I both share a passion for this operating system and so do many of you who participate here. I to be part of that experiencing of at least helping make people understand what Windows Vista is all about based on my perspective an knowledge of the operating system. Its a learning experience for and thats probably one of the best things about it, we are harnessing each others expertise and benefitting in gooey goodness of it all. :-p
Andrea De Costa - o_O -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Jason" wrote in message

I guess he didn't understand what Uh huh.ment. I really want to thank both you and Andrea De Costa. I am sure there are others, but you two really stand out in this forum. Thank you for all of your support.
"Zack Whittaker (R2 Mentor)" wrote in message Why would you say that? I gave an answer didn't I?
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

"Adahn" wrote in message news:ej1SE4YRGHA.4952@TK2MSFTNGP09.phx.gbl

Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

You are certainly part of a small minority, but probably not the only one.
-- Frank Saunders, MS-MVP OE Please respond in Newsgroup. Do not send email http://www.fjsmjs.com Protect your PC http://www.microsoft.com/security/protect/

Hey, I just say it how it is :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "capitan" wrote in message

Adahn wrote: Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.
I don't know if you are the only one, I can only say I do not agree. I find Zack to refreshingly open and honest in all responses about the good as well as the bad of Vista. Zack, thanks for your continuing objectivity of your posts and thanks for the answer to my question. Adahn, I feel the same about your posts here, they are very objective. Thank you also.
-- capitan

The grammar stunk in that one: Thank you very much, Zack and I both share a passion for this operating system and so do many of you who participate here. To be a part of that experience of at least helping to make people understand what Windows Vista is all about based on my perspective and knowledge of the operating system. Its a learning experience for me and thats probably one of the best things about it, we are harnessing each others expertise and benefitting in the gooey goodness of it all. -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Andre Da Costa [Extended64]" wrote in message

Thank you very much, Zack and I both share a passion for this operating system and so do many of you who participate here. I to be part of that experiencing of at least helping make people understand what Windows Vista is all about based on my perspective an knowledge of the operating system. Its a learning experience for and thats probably one of the best things about it, we are harnessing each others expertise and benefitting in gooey goodness of it all. :-p
Andrea De Costa - o_O -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Jason" wrote in message I guess he didn't understand what Uh huh.ment. I really want to thank both you and Andrea De Costa. I am sure there are others, but you two really stand out in this forum. Thank you for all of your support.
"Zack Whittaker (R2 Mentor)" wrote in message Why would you say that? I gave an answer didn't I?
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

And there's nothing wrong with gooey goodness ;)

I love gooey goodness... usually comes in the form of something wrapped with chocolate on the inside :o) Hmm....
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.vistabase.co.uk � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Jane Colman" wrote in message

And there's nothing wrong with gooey goodness ;)

There is nothing wrong with being spoiled every now and then. ;) -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Jane Colman" wrote in message

And there's nothing wrong with gooey goodness ;)

Zack wrote: Hey, I just say it how it is......sometimes :o)
:-p -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Zack Whittaker (R2 Mentor)" wrote in message

Hey, I just say it how it is :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "capitan" wrote in message Adahn wrote: Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.
I don't know if you are the only one, I can only say I do not agree. I find Zack to refreshingly open and honest in all responses about the good as well as the bad of Vista. Zack, thanks for your continuing objectivity of your posts and thanks for the answer to my question. Adahn, I feel the same about your posts here, they are very objective. Thank you also.
-- capitan

If that's the case then I think I am Adahn share a passion for *unified UI* for *all* Microsoft operating system...
Note I didn't use capital letters this time...
-- Nicholas...
"Overclock Your Life, Then The World" "Andre Da Costa [Extended64]" wrote in message

Thank you very much, Zack and I both share a passion for this operating system and so do many of you who participate here. I to be part of that experiencing of at least helping make people understand what Windows Vista is all about based on my perspective an knowledge of the operating system. Its a learning experience for and thats probably one of the best things about it, we are harnessing each others expertise and benefitting in gooey goodness of it all. :-p
Andrea De Costa - o_O -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Jason" wrote in message I guess he didn't understand what Uh huh.ment. I really want to thank both you and Andrea De Costa. I am sure there are others, but you two really stand out in this forum. Thank you for all of your support.
"Zack Whittaker (R2 Mentor)" wrote in message Why would you say that? I gave an answer didn't I?
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

oops, and grammatical error like Andre...
If that's the case then I think I *and* Adahn share a passion for *unified and consistence UI* for *all* Microsoft operating system starting from 2006...
-- Nicholas...
"Overclock Your Life, Then The World" <Nicholas> wrote in message

If that's the case then I think I am Adahn share a passion for *unified UI* for *all* Microsoft operating system...
Note I didn't use capital letters this time...
-- Nicholas...
"Overclock Your Life, Then The World" "Andre Da Costa [Extended64]" wrote in message Thank you very much, Zack and I both share a passion for this operating system and so do many of you who participate here. I to be part of that experiencing of at least helping make people understand what Windows Vista is all about based on my perspective an knowledge of the operating system. Its a learning experience for and thats probably one of the best things about it, we are harnessing each others expertise and benefitting in gooey goodness of it all. :-p
Andrea De Costa - o_O -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Jason" wrote in message I guess he didn't understand what Uh huh.ment. I really want to thank both you and Andrea De Costa. I am sure there are others, but you two really stand out in this forum. Thank you for all of your support.
"Zack Whittaker (R2 Mentor)" wrote in message Why would you say that? I gave an answer didn't I?
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

Shurrup you :oP you can talk! Hehe!
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.vistabase.co.uk � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Andre Da Costa [Extended64]" wrote in message

Zack wrote: Hey, I just say it how it is......sometimes :o)
:-p -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Zack Whittaker (R2 Mentor)" wrote in message Hey, I just say it how it is :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "capitan" wrote in message Adahn wrote: Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.
I don't know if you are the only one, I can only say I do not agree. I find Zack to refreshingly open and honest in all responses about the good as well as the bad of Vista. Zack, thanks for your continuing objectivity of your posts and thanks for the answer to my question. Adahn, I feel the same about your posts here, they are very objective. Thank you also.
-- capitan

Are you SURE it can be done?
I would love to see an example, you can sort of hide what you program is doing by running it from rundll or svchost.
but as for HIDING a PID, I don't think this can be done, hiding from task manager is not the same as hiding a process.
The root tool kit stuff was done by writing a device driver for the HD that reported incorrect info back.
Steve
"Adahn" wrote in message

How come it's still possible for programs to hide their processes?
Download the free game Maple Story (www.mapleglobal.com) and check out it's GameGuard "Hack Prevention System" for an example

Good for you... ;-) -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
<Nicholas> wrote in message

If that's the case then I think I am Adahn share a passion for *unified UI* for *all* Microsoft operating system...
Note I didn't use capital letters this time...
-- Nicholas...
"Overclock Your Life, Then The World" "Andre Da Costa [Extended64]" wrote in message Thank you very much, Zack and I both share a passion for this operating system and so do many of you who participate here. I to be part of that experiencing of at least helping make people understand what Windows Vista is all about based on my perspective an knowledge of the operating system. Its a learning experience for and thats probably one of the best things about it, we are harnessing each others expertise and benefitting in gooey goodness of it all. :-p
Andrea De Costa - o_O -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Jason" wrote in message I guess he didn't understand what Uh huh.ment. I really want to thank both you and Andrea De Costa. I am sure there are others, but you two really stand out in this forum. Thank you for all of your support.
"Zack Whittaker (R2 Mentor)" wrote in message Why would you say that? I gave an answer didn't I?
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

Maybe its contagious. :) -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
<Nicholas> wrote in message

oops, and grammatical error like Andre...
If that's the case then I think I *and* Adahn share a passion for *unified and consistence UI* for *all* Microsoft operating system starting from 2006...
-- Nicholas...
"Overclock Your Life, Then The World" Nicholas> wrote in message If that's the case then I think I am Adahn share a passion for *unified UI* for *all* Microsoft operating system...
Note I didn't use capital letters this time...
-- Nicholas...
"Overclock Your Life, Then The World" "Andre Da Costa [Extended64]" wrote in message Thank you very much, Zack and I both share a passion for this operating system and so do many of you who participate here. I to be part of that experiencing of at least helping make people understand what Windows Vista is all about based on my perspective an knowledge of the operating system. Its a learning experience for and thats probably one of the best things about it, we are harnessing each others expertise and benefitting in gooey goodness of it all. :-p
Andrea De Costa - o_O -- -- Andre Windows Connect | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Jason" wrote in message I guess he didn't understand what Uh huh.ment. I really want to thank both you and Andrea De Costa. I am sure there are others, but you two really stand out in this forum. Thank you for all of your support.
"Zack Whittaker (R2 Mentor)" wrote in message Why would you say that? I gave an answer didn't I?
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) � ZackNET Enterprises: www.zacknet.co.uk � MSBlog on ResDev: http://msblog.resdev.net � ZackNET Forum: www.zacknet.co.uk/forum � VistaBase: www.zacknet.co.uk/vistabase � This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Adahn" wrote in message Am I the only one who feels that the number of Zack's irrelevant comments has long gone beyond just toeing the borderline of spam? :)
"Zack Whittaker (R2 Mentor)" wrote in message Uh huh.

Alright, now that the spam barrage has abated, we may get to the issue at hand, but I'd rather move the discussion to the Security forums, which is where the original post should've been in the first place :( my bad!
"Steve Drake" wrote in message

Are you SURE it can be done?
I would love to see an example, you can sort of hide what you program is doing by running it from rundll or svchost.
but as for HIDING a PID, I don't think this can be done, hiding from task manager is not the same as hiding a process.
The root tool kit stuff was done by writing a device driver for the HD that reported incorrect info back.

I have been coding for years, from writing DOS app in C/C++, Win 3 apps in C/C++, Win32 Apps in C++ and now managed code, and a little VB :)
I really don't think you can create an invisible process, you can create a invisible program (eg no window handle), but that completely different. As I said before, you could hide in another process, with RUNDLL.
please, someone prove me wrong, I would love to see that could that would make this happen.
Steve
"Adahn" wrote in message

Alright, now that the spam barrage has abated, we may get to the issue at hand, but I'd rather move the discussion to the Security forums, which is where the original post should've been in the first place :( my bad!
"Steve Drake" wrote in message Are you SURE it can be done?
I would love to see an example, you can sort of hide what you program is doing by running it from rundll or svchost.
but as for HIDING a PID, I don't think this can be done, hiding from task manager is not the same as hiding a process.
The root tool kit stuff was done by writing a device driver for the HD that reported incorrect info back.

I really don't think you can create an invisible process, you can create a invisible program (eg no window handle), but that completely different. As I said before, you could hide in another process, with RUNDLL.
please, someone prove me wrong, I would love to see that could that would make this happen.

Check the game mentioned in the original post.
I wouldn't have noticed it myself until it crashed to desktop for some reason, and said that an instance was already running when I tried to restart it :x
of course, no such instance was visible under Task Manager or tasklist, and Process Explorer (www.sysinternals.com) couldn't even start; it just froze up
Now, this game makes it very clear that it's not going to let you have anything to do with it outside of the game itself heh but the real question is, how many other apps must be doing the same, hiding not just their processes but any network connections they might make as well..?
Please respond in the identically named thread on the microsoft.public.windows.vista.security forums :)

Just been reading up, you can write Kernel mode root kit that can hijack the internal API that give process lists / count.
Interesting stuff :)
You can also download it root tool kit tool, this will try to findout if you have any root kits.
Ta
"Adahn" wrote in message

I really don't think you can create an invisible process, you can create a invisible program (eg no window handle), but that completely different. As I said before, you could hide in another process, with RUNDLL.
please, someone prove me wrong, I would love to see that could that would make this happen.
Check the game mentioned in the original post.
I wouldn't have noticed it myself until it crashed to desktop for some reason, and said that an instance was already running when I tried to restart it :x
of course, no such instance was visible under Task Manager or tasklist, and Process Explorer (www.sysinternals.com) couldn't even start; it just froze up
Now, this game makes it very clear that it's not going to let you have anything to do with it outside of the game itself heh but the real question is, how many other apps must be doing the same, hiding not just their processes but any network connections they might make as well..?
Please respond in the identically named thread on the microsoft.public.windows.vista.security forums :)

invisible processes why

Windows Vista

Invisible Processes - Why?

Windows Vista

User login

Related topics