11/7/2023

Process explorer vs process hacker

Would be nice if there was a "Reopen as stealth" option.
That would cause Process Hacker to copy itself to %tmp%.
Renaming the main executable to something perhaps randomized.
Blank out the title and the titles of any child windows.

Any stealth feature would be copy/pasted by people into other projects.
%temp% generates false positives by antivirus checking for the %temp% path.
The initialization code creates a detection method.
You can rename the executable using Explorer.
You need to change the EnableWindowText setting to 0.
The plugin API functions are exported from ProcessHacker.exe and linked to from plugin DLLs.
To fix this I think it would have to instead pass a table of function pointers when initializing plugins and have the plugins call through that table, which seems like a lot of work to change.

These detection methods only apply to the official builds, not derivatives based on the source code.
If you added a detection method for a string, you can download the source code and change or remove the string.
The malicious software then needs an update to detect your modification.
You can only write detection methods for the existing code published online, so you have to download the source and make the necessary changes.
This is because when I publish source changes they just get copy/pasted, so you have to create a local repository with your own modifications or email me asking what changes to make.
They will probably stick to those rudimentary string checks.
The project has been open source for 12 years and can be reviewed on Github and Sourceforge.
The stupidity is proving them false but they continue anyway.

You already have the import table without needing a second table.
You can change how the CRT handles imports using the _delayLoadHelper2 symbol:
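The thread above sketches two ways for a plugin to reach its host's functions: importing exports from ProcessHacker.exe by module name (the current design, which is why renaming the executable breaks plugin loading) or receiving a table of function pointers at initialization and calling through it. The following is an added example written for this page, not Process Hacker code, showing the second design in portable C: the host builds a versioned, size-stamped table, the plugin validates it before use and then makes every host call through the table, so no module filename appears in the plugin at all. The names (HostApi, host_get_api, plugin_init, plugin_lookup) and the sample process list are hypothetical and constructed for the example.

```c
/*
 * Added example (not Process Hacker code): a host passes a table of function
 * pointers to a plugin at initialization, and the plugin calls the host only
 * through that table. Because the plugin never imports by module name, the
 * host executable can be renamed without breaking plugin loading.
 * All names (HostApi, plugin_init, the sample process list) are hypothetical.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOST_API_VERSION 1u

/* The contract between host and plugin: a versioned, size-stamped table. */
typedef struct HostApi {
    uint32_t size;     /* sizeof(HostApi) as compiled into the host */
    uint32_t version;  /* bumped on any incompatible change */
    int  (*process_count)(void);
    int  (*find_pid_by_name)(const char *image_name);  /* -1 if not found */
    int  (*log)(const char *message);
} HostApi;

/* ---- Host side ---- */

/* Constructed sample process list standing in for a real snapshot. */
static const struct { int pid; const char *name; } g_sample_processes[] = {
    { 4,    "System" },
    { 612,  "csrss.exe" },
    { 1337, "notepad.exe" },
    { 2048, "ProcessHacker.exe" },
};

static int host_process_count(void) {
    return (int)(sizeof g_sample_processes / sizeof g_sample_processes[0]);
}

static int host_find_pid_by_name(const char *image_name) {
    for (int i = 0; i < host_process_count(); i++)
        if (strcmp(g_sample_processes[i].name, image_name) == 0)
            return g_sample_processes[i].pid;
    return -1;
}

static int host_log(const char *message) {
    return printf("[host] %s\n", message);
}

/* Built once by the host and handed to every plugin it loads. */
static const HostApi g_host_api = {
    sizeof(HostApi), HOST_API_VERSION,
    host_process_count, host_find_pid_by_name, host_log,
};

const HostApi *host_get_api(void) { return &g_host_api; }

/* ---- Plugin side (would live in the plugin DLL) ---- */

static const HostApi *g_api = NULL;

/* Reject a table from an incompatible host before touching any pointer in it. */
int plugin_init(const HostApi *api) {
    if (api == NULL) return -1;
    if (api->version != HOST_API_VERSION) return -2;
    if (api->size < sizeof(HostApi)) return -3;  /* older host: entries missing */
    if (!api->process_count || !api->find_pid_by_name || !api->log) return -4;
    g_api = api;
    return 0;
}

/* Every host call goes through the table; nothing here names the host module. */
int plugin_lookup(const char *image_name) {
    if (g_api == NULL) return -1;
    int pid = g_api->find_pid_by_name(image_name);
    g_api->log(pid >= 0 ? "lookup succeeded" : "lookup failed");
    return pid;
}

int main(void) {
    if (plugin_init(host_get_api()) != 0) return 1;
    printf("notepad.exe pid = %d\n", plugin_lookup("notepad.exe"));
    return 0;
}
```

The size and version fields are the part worth copying: a plugin built against a newer header refuses an older host's shorter table instead of reading past its end, which is the failure mode an exported-function import table never has to think about but a hand-rolled table does.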