Description: 虽然我不知道icesword是什么样列举服务的,但估计最终也是通过历遍SCM内部的ServiceRecordList来检测。
为什么呢?看下面。
用附件中的InjectDLL.exe把hideservice.dll注入到Services.exe进程后就会把Alerter服务隐藏掉。用icesword也检测不出Alerter服务了。
代码原理很简单,就是在Services.exe进程找到ServiceRecordList表,将需要隐藏的服务从链表上断开。
既然icesword也检测不出了,那就说明icesword最终也是通过历遍SCM内部的ServiceRecordList来检测-Although I do not know what kind icesword enumerated services, it is estimated that by the end times calendar SCM internal ServiceRecordList to detect. Why? See below. The annex InjectDLL.exe put hideservice.dll injected into Ser vices.exe process after Alerter service will be hidden swap. Detection also used icesword not Alerter service. Code principle is very simple. Services.exe is in the process of finding ServiceRecordList table Hide will need the services disconnected from the chain on. Since icesword also can not be detected. it shows icesword calendar through the end times within the SCM ServiceRecordL ist to detect Platform: |
Size: 19964 |
Author:79282853 |
Hits:
Description: Although I do not know what kind icesword enumerated services, it is estimated that by the end times calendar SCM internal ServiceRecordList to detect. Why? See below. The annex InjectDLL.exe put hideservice.dll injected into Ser vices.exe process after Alerter service will be hidden swap. Detection also used icesword not Alerter service. Code principle is very simple. Services.exe is in the process of finding ServiceRecordList table Hide will need the services disconnected from the chain on. Since icesword also can not be detected. it shows icesword calendar through the end times within the SCM ServiceRecordL ist to detect Platform: |
Size: 2048 |
Author:fisher |
Hits:
Description: This the kernel program made in the visual basic 6 to detectd id of the process, and for hide process.
Work on the earlyer version of the Windows, 95,98,2000,xp, on Vista and windows7 can only detect proce-This is the kernel program made in the visual basic 6 to detectd id of the process, and for hide process.
Work on the earlyer version of the Windows, 95,98,2000,xp, on Vista and windows7 can only detect process Platform: |
Size: 26624 |
Author:nova |
Hits:
Description: 本程式發怖於 http://wst.site90.net
本程式存放於 http://sites.google.com/site/aplus33
變身檔使用方法:
1.勾選變身檔後開啟天堂
2.程式會自動從記憶體抓取原始的List.spr並存成List.spr.txt
3.直接修改List.spr.txt即可,不需要編碼 (執行天堂時程式會自動將List.spr.txt編碼並寫入記憶體)
某些登入器會封鎖本程式
其中一項封鎖是偵測本程式的檔名
所以使用者可自行修改LinHelper.exe和LinHelper.ini的檔名
例如:
把LinHelper.exe更名為XYZ.exe
把LinHelper.ini更名為XYZ.ini
另外有的登入器會偵測本程式的進程,
可以使用HideToolz來隱藏本程式,
隱藏本程式後,就可將HideToolz關閉
-This program is made terror in http://wst.site90.net
The program stored in http://sites.google.com/site/aplus33
Transform file to use:
1. Check the transformed file to open heaven
2. The program will automatically crawl the memory of the original List.spr coexist as List.spr.txt
3. Direct modification List.spr.txt , do not need encoding ( when the program will automatically paradise List.spr.txt encode and write memory)
Some logger will block this program
One of the blockade is to detect this program filename
So that the user can modify the file name LinHelper.exe and LinHelper.ini
For example :
The LinHelper.exe renamed XYZ.exe
The LinHelper.ini renamed XYZ.ini
In addition, some logger detects the process of this program ,
You can use HideToolz to hide this program ,
After hiding this program , you can turn off the HideToolz Platform: |
Size: 1174528 |
Author:z7967616 |
Hits:
Search - detect hide process