| View previous topic :: View next topic |
| Author |
Message |
sotaukko
Cheater
![]() Reputation: 0
Joined: 23 Oct 2007
Posts: 32
|
 Posted: Sat Dec 20, 2008 3:40 pm Post subject: C++ Rename process |
 |
|
| Ok i have made program named "Junk" which shows in task manager as Junk.exe How can i make it show in task manager as window.exe but the caption and the real name of the program is still Junk.exe?
|
|
| Back to top |
|
 |
rapion124
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Mar 2007
Posts: 1095
|
| Posted: Sat Dec 20, 2008 4:04 pm Post subject: |
|
|
| Rename the file to "window.exe" and run it.
|
|
| Back to top |
|
|
sotaukko
Cheater
![]() Reputation: 0
Joined: 23 Oct 2007
Posts: 32
|
| Posted: Sat Dec 20, 2008 4:24 pm Post subject: |
|
|
| rapion124 wrote: | | Rename the file to "window.exe" and run it. |
Yes but i want that user doesn't know what is the process of my program so he basically cant stop it from process watcher if he doesn't want to end processes randomly. I hope you get what i mean.
|
|
| Back to top |
|
|
manc
Grandmaster Cheater
 Reputation: 1
Joined: 16 Jun 2006
Posts: 551
|
| Posted: Sat Dec 20, 2008 4:28 pm Post subject: |
|
|
He still wants the executable to be named "Junk.exe"
But he wants to change the name of the process that shows up if queried for (i.e. Task Manager-->Process Watcher).
An alternative that I'm sure he wouldn't mind either is hiding the process altogether.
_________________
|
|
| Back to top |
|
|
Wintermoot
Expert Cheater
 Reputation: 0
Joined: 08 Nov 2007
Posts: 198
|
| Posted: Sat Dec 20, 2008 10:36 pm Post subject: |
|
|
| Find the listview's handle. Send a message to the listview telling it to change the process name (LVM_SETITEMTEXT) have fun.
|
|
| Back to top |
|
|
sponge
I'm a spammer
 Reputation: 1
Joined: 07 Nov 2006
Posts: 6009
|
| Posted: Sat Dec 20, 2008 11:03 pm Post subject: |
|
|
or extract your real exe. then run it then delete.
_________________
|
|
| Back to top |
|
|
sotaukko
Cheater
![]() Reputation: 0
Joined: 23 Oct 2007
Posts: 32
|
| Posted: Sun Dec 21, 2008 3:33 am Post subject: |
|
|
| Thank you.
|
|
| Back to top |
|
|
DeletedUser14087
I post too much
![]() Reputation: 2
Joined: 21 Jun 2006
Posts: 3069
|
| Posted: Sun Dec 21, 2008 4:16 am Post subject: |
|
|
that's the most stupid thing i have ever heard someone asking, you can't do it, it's impossible.
@Hawwwwwah: What about LVM_EDITLABEL ?
FindWindow -> SetFocus -> SendMessage.
|
|
| Back to top |
|
|
Symbol
I'm a spammer
![]() Reputation: 0
Joined: 18 Apr 2007
Posts: 5094
Location: Israel.
|
| Posted: Sun Dec 21, 2008 4:43 am Post subject: |
|
|
| HawwwaH wrote: | | Find the listview's handle. Send a message to the listview telling it to change the process name (LVM_SETITEMTEXT) have fun. |
That only applys to Task Manager...
|
|
| Back to top |
|
|
DeletedUser14087
I post too much
![]() Reputation: 2
Joined: 21 Jun 2006
Posts: 3069
|
| Posted: Sun Dec 21, 2008 5:36 am Post subject: |
|
|
If you wanna do it to create a trojan or a malware, the best way is to write the dump buffer of the malware @ run time (GetTempFolder) and use CreateProcess on it, disable the Firewall service beforehand (use GetVersionEx to detirmine if it's XP/Vista, their service name is different) and then make a snapshot and loop around it (make a hardcoded array of processes names) such as avp.exe, avg.exe, nod32.exe and kill them then create the malware.
Edit: Hey Symbol, how are you bro ? i haven't talked to you a few months, how have you been man  ?
|
|
| Back to top |
|
|
Noz3001
I'm a spammer
 Reputation: 26
Joined: 29 May 2006
Posts: 6220
Location: /dev/null
|
| Posted: Sun Dec 21, 2008 6:02 am Post subject: |
|
|
| Blob wrote: | If you wanna do it to create a trojan or a malware, the best way is to write the dump buffer of the malware @ run time (GetTempFolder) and use CreateProcess on it, disable the Firewall service beforehand (use GetVersionEx to detirmine if it's XP/Vista, their service name is different) and then make a snapshot and loop around it (make a hardcoded array of processes names) such as avp.exe, avg.exe, nod32.exe and kill them then create the malware.
Edit: Hey Symbol, how are you bro ? i haven't talked to you a few months, how have you been man ? |
Most anti-viruses have drivers which stop retarded attempts like that.
|
|
| Back to top |
|
|
DeletedUser14087
I post too much
![]() Reputation: 2
Joined: 21 Jun 2006
Posts: 3069
|
| Posted: Sun Dec 21, 2008 7:30 am Post subject: |
|
|
| noz3001 wrote: | | Blob wrote: | If you wanna do it to create a trojan or a malware, the best way is to write the dump buffer of the malware @ run time (GetTempFolder) and use CreateProcess on it, disable the Firewall service beforehand (use GetVersionEx to detirmine if it's XP/Vista, their service name is different) and then make a snapshot and loop around it (make a hardcoded array of processes names) such as avp.exe, avg.exe, nod32.exe and kill them then create the malware.
Edit: Hey Symbol, how are you bro ? i haven't talked to you a few months, how have you been man ? |
Most anti-viruses have drivers which stop retarded attempts like that. |
then make your own driver to prevent them from doing it (unlink from EPROCESS) or just make a program write itself in the registry to start @ reboot, it'll hook CreateServiceA/W to prevent retarded AV drivers from loading,  .
|
|
| Back to top |
|
|
smartz993
I post too much
 Reputation: 2
Joined: 20 Jun 2006
Posts: 2013
Location: USA
|
| Posted: Sun Dec 21, 2008 9:39 am Post subject: |
|
|
| Blob wrote: | that's the most stupid thing i have ever heard someone asking, you can't do it, it's impossible.
@Hawwwwwah: What about LVM_EDITLABEL ?
FindWindow -> SetFocus -> SendMessage. |
SetFocus? Shitheaddddddddd, wouldn't have to do this if you just use this macro:
| Code: |
VOID ListView_SetItemText(
HWND hwnd,
int i,
int iSubItem,
LPCTSTR pszText
);
|
Easiest way, least API calls.
| Blob wrote: | | noz3001 wrote: | | Blob wrote: | If you wanna do it to create a trojan or a malware, the best way is to write the dump buffer of the malware @ run time (GetTempFolder) and use CreateProcess on it, disable the Firewall service beforehand (use GetVersionEx to detirmine if it's XP/Vista, their service name is different) and then make a snapshot and loop around it (make a hardcoded array of processes names) such as avp.exe, avg.exe, nod32.exe and kill them then create the malware.
Edit: Hey Symbol, how are you bro ? i haven't talked to you a few months, how have you been man ? |
Most anti-viruses have drivers which stop retarded attempts like that. |
then make your own driver to prevent them from doing it (unlink from EPROCESS) or just make a program write itself in the registry to start @ reboot, it'll hook CreateServiceA/W to prevent retarded AV drivers from loading, . |
You are really dumb, and i can't take it anymore. Please leave.
|
|
| Back to top |
|
|
SFP+
Comp. talk moderator
 Reputation: 26
Joined: 02 May 2007
Posts: 1228
Location: Sweden
|
| Posted: Sun Dec 21, 2008 10:07 am Post subject: |
|
|
| Blob wrote: | | noz3001 wrote: | | Blob wrote: | If you wanna do it to create a trojan or a malware, the best way is to write the dump buffer of the malware @ run time (GetTempFolder) and use CreateProcess on it, disable the Firewall service beforehand (use GetVersionEx to detirmine if it's XP/Vista, their service name is different) and then make a snapshot and loop around it (make a hardcoded array of processes names) such as avp.exe, avg.exe, nod32.exe and kill them then create the malware.
Edit: Hey Symbol, how are you bro ? i haven't talked to you a few months, how have you been man ? |
Most anti-viruses have drivers which stop retarded attempts like that. |
then make your own driver to prevent them from doing it (unlink from EPROCESS) or just make a program write itself in the registry to start @ reboot, it'll hook CreateServiceA/W to prevent retarded AV drivers from loading, . |
CreateService is only called when the service is actually created. oh and, there's no such thing as a process name, just the process ID. process managers just get the name from the full file executable path (which is stored in the process data structure)
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Sun Dec 21, 2008 10:09 am Post subject: |
|
|
Why don't you just hide the process using a driver?
It was changing the FLink and BLink of PEProcess or something... Forgot...
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
