#include "stdafx.h"
#include "windows.h"
#include "nativeAPI.h"
/* The listing showed three bare "#include" lines with the header names lost;
 * the names below are reconstructed from the library calls this file makes. */
#include <conio.h>   /* _getch */
#include <stdio.h>   /* printf, scanf_s, getchar */
#include <stdlib.h>  /* system, exit */
/* Menu option 1: prints "PID - name" lines from a ZwQuerySystemInformation snapshot. */
void ListProcessNThread();
/* Menu option 2: prompts for a PID and opens a handle to it. The live body only
 * prints a placeholder; it contains no logic that alters a process's visibility. */
void HideProcess();
/* NOTE(review): there is no live definition of this function in the file. The only
 * body sits inside the commented-out block at the end and calls PsGetCurrentProcess,
 * a kernel-mode routine, so it would not link into this console program. Presumably
 * left over from driver code - confirm, then drop the prototype. */
DWORD FindProcessEPROC(int PID);
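/*
 * Console menu loop.
 *
 * Clears the screen, prints the three menu entries, reads one integer and
 * dispatches:
 *   1 -> ListProcessNThread(), then waits for a key press
 *   2 -> HideProcess()
 *   3 -> leaves the program
 *   anything else -> prints a "reselect" message and waits for a key press
 *
 * Returns 0 when the user picks "Exit" (the earlier code called exit(1), which
 * reports failure to the caller for a normal exit) and EXIT_FAILURE when
 * standard input ends before a choice is made.
 */
int main (int argc, char* argv[])
{
    (void)argc;
    (void)argv;

    for (;;) {
        int select = 0;
        int fields;

        /* Fixed command string, no user data reaches the shell. */
        system("CLS");
        printf ("\n\n\t# Process Management - BlackH3s #\n\n");
        printf ("\t1. Taskmgr \n");
        printf ("\t2. Hide Process \n");
        printf ("\t3. Exit \n\n");
        printf ("\t[ ]\b\b");

        /* "%d" takes no size argument in scanf_s; the stray third argument
         * the call used to pass has been removed. */
        fields = scanf_s("%d", &select);
        if (fields == EOF) {
            /* Input is gone; without this the loop would redraw forever. */
            return EXIT_FAILURE;
        }
        if (fields != 1) {
            /* Non-numeric input stays in the stream after a failed "%d"
             * conversion. Discard the rest of the line so the next read does
             * not fail on the same characters, and force the default branch
             * instead of silently repeating the previous choice. */
            int ch;
            while ((ch = getchar()) != '\n' && ch != EOF) {
                /* discard */
            }
            select = 0;
        }

        switch (select) {
        case 1:
            ListProcessNThread();
            _getch();
            break;
        case 2:
            HideProcess();
            break;
        case 3:
            return 0;
        default:
            printf("RESELECT AGAIN~~\n");
            _getch();
            break;
        }
    }
}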
////////////////////////////////////////////////////////////////////////////////////////////
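/*
 * Menu option 2: asks for a process id and opens a handle to that process.
 *
 * The function is a stub. It opens the handle, prints the placeholder text
 * "test", waits for a key press and closes the handle again. Nothing here
 * changes how the target process is listed or seen by other tools.
 *
 * Input of 0, a negative number or non-numeric text returns to the menu
 * without touching any process.
 *
 * Changes from the earlier body:
 *   - the handle is closed (it used to leak on every call);
 *   - the access mask is PROCESS_QUERY_INFORMATION, the mask already present
 *     in the commented-out call this function carried, instead of
 *     PROCESS_ALL_ACCESS; the handle is never used, so requesting every right
 *     on an arbitrary process was unnecessary;
 *   - the scanf_s result and the OpenProcess result are checked.
 */
void HideProcess()
{
    int ppid = 0;
    HANDLE hProcess;

    system("CLS");
    printf ("\n\n\tWhich process want hidden? \n");
    printf ("\tIf you enter '0', Back to Menu \n");
    printf ("\t[ ]\b\b");

    if (scanf_s("%d", &ppid) != 1) {
        /* Drop the unparsed line so the caller's next read starts clean. */
        int ch;
        while ((ch = getchar()) != '\n' && ch != EOF) {
            /* discard */
        }
        return;
    }

    /* A negative int would turn into a huge DWORD when passed to OpenProcess. */
    if (ppid <= 0) {
        return;
    }

    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (DWORD)ppid);
    if (hProcess == NULL) {
        printf("OpenProcess(%d) failed, error %lu\n", ppid, GetLastError());
    }

    /* Placeholder output kept from the earlier body. */
    printf("test");
    _getch();

    if (hProcess != NULL) {
        CloseHandle(hProcess);
    }
}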
////////////////////////////////////////////////////////////////////////////////////////////
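/*
 * Menu option 1: prints "PID:<id> - <image name>" for the processes returned
 * by ZwQuerySystemInformation(SystemProcessesAndThreadsInformation).
 *
 * The buffer starts at 0x1000 bytes and is re-allocated while the call reports
 * STATUS_INFO_LENGTH_MISMATCH, growing to the size the call asks for or by
 * 0x500 bytes when it does not ask for more.
 *
 * The walk advances to the next record before printing, so the first record in
 * the buffer is never printed (presumably the idle-process record - confirm).
 *
 * The output is only what this information class reports; a process missing
 * from the data the kernel returns here will not be shown, so this listing
 * alone is not evidence that a process is absent.
 *
 * Changes from the earlier body:
 *   - a failed allocation or a failed query returns instead of walking an
 *     invalid buffer;
 *   - buffers are released with MEM_RELEASE and size 0 (MEM_DECOMMIT kept the
 *     address range reserved on every retry);
 *   - the final buffer is released (its base pointer used to be overwritten
 *     by the walk and was never freed);
 *   - the unused thread counter is gone.
 */
void ListProcessNThread()
{
    ULONG dwAllocedSize = 0x1000;
    ULONG dwNeeded = 0;
    PSYSTEM_PROCESSES pBuffer = NULL;   /* base of the allocation, kept for VirtualFree */
    PSYSTEM_PROCESSES pEntry;           /* cursor that moves through the records */
    NTSTATUS Status;

    /* 1. Get a buffer large enough for the snapshot. */
    for (;;) {
        pBuffer = (PSYSTEM_PROCESSES)VirtualAlloc(NULL, dwAllocedSize, MEM_COMMIT,
                                                  PAGE_READWRITE);
        if (pBuffer == NULL) {
            printf("VirtualAlloc failed\n");
            return;
        }

        dwNeeded = 0;
        Status = ZwQuerySystemInformation(SystemProcessesAndThreadsInformation,
                                          pBuffer, dwAllocedSize, &dwNeeded);
        if (Status != STATUS_INFO_LENGTH_MISMATCH) {
            break;
        }

        /* Too small: release the whole region and retry with a bigger one. */
        VirtualFree(pBuffer, 0, MEM_RELEASE);
        pBuffer = NULL;
        if (dwNeeded > dwAllocedSize) {
            dwAllocedSize = dwNeeded;
        }
        else {
            dwAllocedSize += 0x500;
        }
    }

    if (!NT_SUCCESS(Status)) {
        printf("ZwQuerySystemInformation failed, status 0x%08lX\n",
               (unsigned long)Status);
        VirtualFree(pBuffer, 0, MEM_RELEASE);
        return;
    }

    /* 2. Walk the records; NextEntryDelta == 0 marks the last one. */
    pEntry = pBuffer;
    while (pEntry->NextEntryDelta != 0) {
        pEntry = (PSYSTEM_PROCESSES)((char *)pEntry + pEntry->NextEntryDelta);
        /* ProcessName.Length is divided by 2 to get a character count for the
         * precision. NOTE(review): "%d" assumes ProcessId is int-sized in
         * nativeAPI.h - confirm against that header. */
        printf("PID:%d - %.*ws\n",
               pEntry->ProcessId,
               pEntry->ProcessName.Length / 2,
               pEntry->ProcessName.Buffer);
    }

    VirtualFree(pBuffer, 0, MEM_RELEASE);
}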
////////////////////////////////////////////////////////////////////////////////////////////
/*
return 0;
}
DWORD FindProcessEPROC(int PID)
{
DWORD eproc=0x00000000;
int current_PID=0;
int start_PID=0;
int i_count =0;
PLIST_ENTRY plist_active_procs;
if(PID ==0)
return PID;
eproc =(DWORD)PsGetCurrentProcess();
start_PID = *((int *)(eproc+PIDOFFSET));
current_PID=start_PID;
while(1)
{
if(PID ==current_PID)
return eproc;
else if((i_count >= 1) && (start_PID ==current_PID))
{
return 0x0000000;
}
else{
plist_active_procs=(LIST_ENTRY *)(eproc+FLINKOFFSET);
eproc = (DWORD) plist_active_procs->Flink;
eproc = eproc - FLINKOFFSET;
current_PID = *((int *)(eproc+PIDOFFSET));
i_count++;
}
}
}
*/
/////////////////////////////////////////////////////////////////////////////////////////////