To your question about hiding processes from Get-Process, it is absolutely possible and common. This is usually done in the context of malware (and for that reason, if you trust your executable it probably doesn't apply to you) but here is a link with some decent introductory reading.

At a high level, there are several ways to accomplish process hiding:

- Replace enum process and tell it not to return a process with a certain name/PID/path etc.
- Change the Process32Next to skip over the hidden process entirely when enum process is called (analysts usually find processes hidden with this method using tools like Volatility, but there are a ton of strategies).

This is like rootkit level stuff and requires a lot of access.

You should also read this, it talks a little bit about hiding processes based on user SID:
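A defender-side counterpart to the answer above, added here as an example (not the original poster's code): a PowerShell cross-view check that compares what Get-Process reports against two enumerations performed outside the current process, assuming a Windows host with WMI and tasklist.exe available.

```powershell
# Added example (not from the original answer): compare three independent
# process views. A user-mode hook that filters enumeration inside this
# PowerShell process cannot touch the WMI provider host or tasklist.exe, so a
# PID that is consistently missing from one view but present in the others is
# worth a closer look. Assumes a Windows host with WMI and tasklist.exe.
# Kernel-level hiding defeats all three views; that is the case for memory
# forensics (Volatility), as the answer notes.

function Get-ProcessViewDiscrepancies {
    # View 1: Get-Process (System.Diagnostics.Process, in-process enumeration)
    $viaGetProcess = @{}
    Get-Process | ForEach-Object { $viaGetProcess[[int]$_.Id] = $_.ProcessName }

    # View 2: Win32_Process, enumerated by the WMI provider host
    $viaCim = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $viaCim[[int]$_.ProcessId] = $_.Name }

    # View 3: tasklist.exe, a separate process doing its own enumeration
    $viaTasklist = @{}
    tasklist.exe /FO CSV /NH |
        ConvertFrom-Csv -Header Name, PID, Session, SessionNum, Mem |
        ForEach-Object { $viaTasklist[[int]$_.PID] = $_.Name }

    $allPids = @($viaGetProcess.Keys) + @($viaCim.Keys) + @($viaTasklist.Keys) |
        Sort-Object -Unique

    foreach ($id in $allPids) {
        $inGp  = $viaGetProcess.ContainsKey($id)
        $inCim = $viaCim.ContainsKey($id)
        $inTl  = $viaTasklist.ContainsKey($id)
        if ($inGp -and $inCim -and $inTl) { continue }
        [PSCustomObject]@{
            PID          = $id
            Name         = @($viaGetProcess[$id], $viaCim[$id], $viaTasklist[$id] |
                             Where-Object { $_ })[0]
            InGetProcess = $inGp
            InWin32Proc  = $inCim
            InTasklist   = $inTl
        }
    }
}

# Processes that start or exit between snapshots cause one-off misses, so run
# twice and keep only PIDs that are flagged both times.
$first = Get-ProcessViewDiscrepancies
Start-Sleep -Seconds 3
$second = Get-ProcessViewDiscrepancies
$first | Where-Object { $_.PID -in @($second.PID) } | Format-Table -AutoSize
```

A PID present in the WMI and tasklist views but absent from Get-Process in both runs is the pattern the user-mode hooking described above would produce; an empty result does not rule out kernel-level hiding.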