Hidden process detector is a light security tool for windows operation system that try to detect running hidden processes.
Under windows operation system there are a special type of malware that called rootkit. Rootkits can manipulate the default behavior of the system and hide running process in the system.
BETA version work only on Windows 10!
- Detect hidden process under windows operation system.
- Show list of DLL for each running process.
- For each DLL show its base address and size.
What is rootkit:
Rootkit is a software that use to manipulate the default behavior of the environment that it running on.
Rootkit can be split into 2 words:
- Root – Linux and Unix super user (like the administrator on windows operation system).
- Kit – a set of tools, In the pass the kit was use to gain root or administrator privilege to execute other harming tools.
In general, with rootkit hacker can manipulate objects on the system and by that to hide or control what the user can see.
An example might be, in related to processes is hiding them. How can it be done, there are several ways to do it.
Here is the theory of one:
Process represent in the windows system as a structure that contain information.
This structure is a linked link that connect to the next process in the link.
If I can somehow change the functions that return the link of processes I will be able to hide one or more process from the user.
I will disconnect the process from the link and I will have a running process outside this linked link.
In the evaluation of rootkit there was another term name bootkit.
After the changes that came with windows Vista there was a problem loading unsigned driver in the system.
In Vista and newer operation system there are more restrictions when it come to drivers and kernel mode.
To successfully use rootkit in windows Vista, 8, 8.1 and 10 it need to run on boot time to be able to load into the system
General usage of rootkit:
- Hide running processes.
- Hide files on the system.
- Make a hidden connection to the internet.
- Change hardware reporting (CPU speed, CPU heat etc.).
- Change the computer BIOS.
- And more…
The Hidden Process Detector Tool:
The hidden process detector light security tool try to detect hidden running processes in the system. Windows task manager and other default process viewer tool will not be able to show them.
Tool disclaimer and license:
This program is free software. Provided “AS IS” without any warranty. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason from using the software.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
Without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see GNU Licenses.
Design for windows 10!
Download:Hidden Process Detector (36 downloads)
Please note: this is a beta version of the tool.
Important note: if it found hidden processes on your system please contact your system administrator.
For bug, comments, suggestion or if needed please contact us under the contact page.
If you see the vcruntime140.dll is missing you probably need to install the Microsoft Visual C++ Redistributable Packages for Visual Studio 2015.