ALEX(XX)
03.12.2009, 00:36
The point of the test:
A process is hidden using 12 methods, and then they check for it.
Here are the methods:
Details:
Invisible Process 1.0 hides its process and thread objects using following methods:
- [-01-] - PspNotifyRoutine - RECALLING
- [-02-] - PsActiveProcessLinks - DKOM
- [-03-] - ObjectTable (HANDLE_TABLE) - DKOM
- [-04-] - CSRSS ObjectTable (HANDLE_TABLE) - ERASING
- [-05-] - PspCidTable (HANDLE_TABLE) - ERASING
- [-06-] - SessionProcessLinks - DKOM
- [-07-] - WorkingSetExpansionLinks - DKOM
- [-08-] - ObjectTypeList - DKOM
- [-09-] - CSR_PROCESS/CSR_THREAD - DKOM
- [-10-] - PID & IMAGE NAME - CHANGING
- [-11-] - OBJECT & OBJECT_TYPES - MANIPULATION
- [-12-] - THREAD OBJECT - MANIPULATION
See the results here (http://www.ntinternals.org/process_detection_test.php) (careful, it's in English!)