Thread: Hidden Process

  1. #1
    zhaoyun333

    Hidden Process

    Ok, I've been trying to create a crude cheat engine for a game.

    Problem is, I can't find the process that runs the game, it is either hidden or it runs without a process?

    Here is my code:
    Code:
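    #include <windows.h>
    #include <tlhelp32.h>
    #include <string.h>

    // procID (executable name) and app (window title) are defined elsewhere.
    HANDLE hProcessSnap;
    HANDLE hProcess = NULL;   // must start as NULL: it is tested below
    PROCESSENTRY32 pe32;

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    pe32.dwSize = sizeof(PROCESSENTRY32);

    // Walk the snapshot looking for the executable name.
    if (hProcessSnap != INVALID_HANDLE_VALUE && Process32First(hProcessSnap, &pe32))
    {
        do
        {
            if (strcmp(pe32.szExeFile, procID) == 0)
            {
                hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
                break;
            }
        }
        while (Process32Next(hProcessSnap, &pe32));
        CloseHandle(hProcessSnap);
    }

    // Fall back to looking the process up by window title.
    if (hProcess == NULL)
    {
        DWORD proc_id = 0;
        HWND hWnd = FindWindow(NULL, app);
        if (hWnd != NULL)
        {
            GetWindowThreadProcessId(hWnd, &proc_id);
            // PROCESS_ALL_ACCESS already includes the PROCESS_VM_* and query rights.
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, proc_id);
        }
    }
    How do I find a hidden process?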

  2. #2
    Toymaker
    Lol, there is of course a process, it's just hidden then. I downloaded an application once to allow me superior viewing but the name slips me, sorry. I suppose you need a dynamic variable for the target window name so users can change it up so, with that being said, try additional debug privileges. I'll add an example:

    Code:
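    void adddebugtokens()
    {
        HANDLE hToken;
        LUID luid;
        TOKEN_PRIVILEGES NewState, PreviousState;
        DWORD ReturnLength;

        // The literal 40 is TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
            return;

        if (LookupPrivilegeValue(NULL, "SeDebugPrivilege", &luid))
        {
            NewState.PrivilegeCount = 1;
            NewState.Privileges[0].Luid = luid;
            NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;   // was the literal 2
            // Pass the real size of PreviousState instead of the literal 28.
            AdjustTokenPrivileges(hToken, FALSE, &NewState, sizeof(PreviousState), &PreviousState, &ReturnLength);
        }
        CloseHandle(hToken);   // the token handle was leaked before
    }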
    Last edited by Toymaker; 04-13-2009 at 10:16 AM.

  3. The Following User Says Thank You to Toymaker For This Useful Post:

    zhaoyun333 (04-13-2009)
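
The `OpenProcess` calls in the posts above ask for `PROCESS_ALL_ACCESS`; seen from the machine being monitored, such a handle appears in Sysmon Event ID 10 (ProcessAccess) with its `GrantedAccess` mask. This is an added example, not code from the thread: it decodes that mask and flags memory-capable handles on a protected image. The sample records, paths, allowlist and the names `triage` and `decode_access` are constructed for illustration.

```python
# Added example: triage of Sysmon Event ID 10 (ProcessAccess) records.
# The numeric values are the documented Windows process access rights.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
# Rights that allow reading or modifying another process's memory.
MEMORY_RIGHTS = 0x0008 | 0x0010 | 0x0020
# PROCESS_ALL_ACCESS is 0x1F0FFF before Vista and 0x1FFFFF from Vista on.
ALL_ACCESS = (0x1F0FFF, 0x1FFFFF)

def decode_access(mask):
    """Return the names of the specific rights present in a GrantedAccess mask."""
    return [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]

def triage(events, protected, allowed_sources):
    """Flag memory-capable handles opened on the protected image by unlisted sources."""
    findings = []
    for ev in events:
        mask = int(ev["GrantedAccess"], 16)
        source = ev["SourceImage"].lower()
        if not ev["TargetImage"].lower().endswith(protected) or source in allowed_sources:
            continue
        if mask & MEMORY_RIGHTS:
            findings.append({
                "source": ev["SourceImage"],
                "all_access": mask in ALL_ACCESS,
                "rights": decode_access(mask),
            })
    return findings

# Constructed sample records; field names follow Sysmon Event ID 10.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Tools\scanner.exe", "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Tools\scanner.exe", "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1F0FFF"},
]
PROTECTED = r"\game.exe"                       # constructed protected image name
ALLOWED = {r"c:\windows\system32\csrss.exe"}   # constructed allowlist, lower case

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, PROTECTED, ALLOWED):
        print(finding)
```

The same decoding shows why OR-ing `PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_QUERY_INFORMATION` onto `PROCESS_ALL_ACCESS` changes nothing: those bits are already set in the mask.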

  4. #3
    zhaoyun333
    I'm not gonna say thanks. I'm gonna thanks you! (Bad grammar I know lol)
    "There are five possible operations for any army. If you can fight, fight; if you cannot fight, defend; if you cannot defend, flee; if you cannot flee, surrender; if you cannot surrender, die." - Sima Yi

  5. #4
    KnockOut
    TRY TO SEE IF THE PROCESS IS PICKED UP WITH CHEAT ENGINE

  6. #5
    zhaoyun333
    Well...the game automatically crashes as a security measure when you alt tab out of game.

  7. #6
    Toymaker
    I've had that problem before. Hey, you trying this on Combat Arms? =) I think it may check for what's loaded when you alt-tab and that's the problem. Change your memory searcher's filename and icon image. The process name will naturally be different as well. You may defeat any quick checksum this way. Good luck.

  8. #7
    zhaoyun333
    No not Combat Arms...Soldier Front

    Also...how do I debug privileges if I can't open the process?

    Would this work?

    Code:
    char app[100];   // window title of the target, filled in elsewhere

    void adddebugtokens()
    {
        HANDLE hcurrent;
        HANDLE hToken;
        DWORD proc_id = 0;
        LUID luid;
        TOKEN_PRIVILEGES NewState, PreviousState;
        DWORD ReturnLength;

        // Look the target process up by window title and open it.
        HWND hWnd = FindWindow(NULL, app);
        GetWindowThreadProcessId(hWnd, &proc_id);
        // PROCESS_ALL_ACCESS already includes the PROCESS_VM_* and query rights.
        hcurrent = OpenProcess(PROCESS_ALL_ACCESS, FALSE, proc_id);

        // Opens the token of the target process, not of the calling process.
        OpenProcessToken(hcurrent, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);   // was the literal 40
        LookupPrivilegeValue(NULL, "SeDebugPrivilege", &luid);
        NewState.PrivilegeCount = 1;
        NewState.Privileges[0].Luid = luid;
        NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;   // was the literal 2
        AdjustTokenPrivileges(hToken, FALSE, &NewState, sizeof(PreviousState), &PreviousState, &ReturnLength);
    }
    Last edited by zhaoyun333; 04-15-2009 at 05:50 PM.

  9. #8
    Toymaker
    I pasted you the code for additional privileges so you could open its process, but I guess it's still not working, and you can just test it yourself for an answer to your last question. I'll look into this all more and try to be of more help soon.
    Last edited by Toymaker; 04-15-2009 at 07:13 PM.

  10. #9
    radnomguywfq3
    Use a DLL. Make it return its current address space PID. Or just create the hack as a dll.



    There are two types of tragedies in life. One is not getting what you want, the other is getting it.

    If you wake up at a different time in a different place, could you wake up as a different person?


  11. #10
    EndRiT
    Sounds simple enough =/=

  12. #11
    zhaoyun333
    Noob Question:

    How do I make a dll? Please don't tell me it's using Microsoft Studio

  13. #12
    Toymaker
    If you have mASM32 installed it's quite easy to compile a .DLL through linking to it. You should try to use that information to google a very quick method of doing it. It's what I did successfully and recently. I mean I understand you'd probably like it just given to you but too bad!
