OpenProcess and the PSPCIDTABLE

.NET Framework/non-language specific Discuss, OpenProcess and the PSPCIDTABLE at Programmers Lounge forum; Ever wonder how rootkit detectors work? Take for instance, Blacklight. It loops OpenProcess from 0x0004 to 0x41DC and if it ...

		Gamerz Needs - For All Your Gaming Needs! > Technology Zone > Programmers Lounge > .NET Framework/non-language specific
OpenProcess and the PSPCIDTABLE

Blogs

Notices

Welcome to the Gamerz Needs forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact contact us.

Advertisement

Bookmark this

Thread Tools

Display Modes

11-12-2006, 12:47 AM

vitto

Registered Users +

Last Online: 04-04-2008 11:30 PM

Join Date: Aug 2006

Age: 28

Posts: 432

Thanks: 22

Thanked 88 Times in 49 Posts

Nominated 0 Times in 0 Posts

TOTW/F/M Award(s): 0

Latest Blog:
Rep Power: 6

Points: 58.70

Bank: 442.94

Total Points: 501.64

Donate

OpenProcess and the PSPCIDTABLE

Ever wonder how rootkit detectors work?

Take for instance, Blacklight.

It loops OpenProcess from 0x0004 to 0x41DC and if it gets a handle it records it. But beware, processes can hook OpenProcess(nProtect, HackShield, XTrap) Most now do it in the kernel, so you must program a driver to undo them. If its removed from the pspcidtable, then this method will not work.

mov eax, 4
.while eax<=0000041DCh
push eax
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,eax
Call AddPid
pop eax
add eax, 4
.endw

AddPid:
;Logging here
ret

PS:

Im just writing this to gain points. Yes, Im THAT desperate.

__________________

Im Inactive
R.I.P. Tom Nguyen (July 30, 1990 - June 4, 2007)
http://img182.imageshack.us/img182/1492/halo3ni7.png
Gifts: Silly[x][x]

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Forum Jump

Advertisement

Main Navigation

Home
GzN Forums
GzN Games
GzN News
Top Games
GzN Cheats
GzN Articles
GzN Reviews
GzN Downloads
User Control Panel
Advertising

2Moons
Adventure Quest
AirRivals
America's Army
Anarchy Online
Archlord
Audition
Battlefield Series
Cabal Online
Call Of Duty Series
Combat Arms
Conquer Online
Counter Strike
Day of Defeat
Deicide Online
Diablo Series
Doom Series
Drift City
Enemy Territory
Eudemons Online
Final Fantasy
Flyff (Fly For Fun)
General Game Discussion
Ghost Online
Granado Espada
Grand Theft Auto Series
Guild Wars
Gunbound
Gunz Online
Habbo Hotel
Half-Life 2
Hero Online
KartRider
Knights Online
Maple Story
Medal of Honor
MU Online
Neopets
Pangya
Quake Series
Ragnarok Online
Rappelz
Rakion
Red Orchestra
Rose Online
Runescape
Scions of Fate
Silkroad Online
Sims Series
Soldier Front
Starcraft
Tales of Pirates
Tibia
The Ship
Trickster Online
TS Online
Unreal Tournament
War Rock
WolfTeam
World of Warcraft & Series

Affiliates
COD4 Hacks
BF2 Hacks

All times are GMT -8. The time now is 01:24 AM.