Hidden Process Detector

Hidden process detector is a light security tool for the Windows operating system that tries to detect running hidden processes.

Under the windows operation system, there is a special type of malware called a rootkit. Rootkits can manipulate the default behavior of the system and hide the running process in the system.

BETA version works only on Windows 10!

Tool screens:

"<yoastmark

 

"<yoastmark

 

Tool Features:

  • Detect hidden process under windows operation system.
  • Show list of DLL for each running process.
  • For each DLL show its base address and size.

What is rootkit:

Rootkit is a software that use to manipulate the default behavior of the environment that it running on.

Rootkit can be split into 2 words:

  1. Root – Linux and Unix super user (like the administrator on windows operation system).
  2. Kit – a set of tools, In the pass the kit was use to gain root or administrator privilege to execute other harming tools.

In general, with rootkit hacker can manipulate objects on the system and by that to hide or control what the user can see.

An example might be, in related to processes is hiding them. How can it be done, there are several ways to do it.

Here is the theory of one:

Process represent in the windows system as a structure that contain information.

This structure is a linked link that connect to the next process in the link.

If I can somehow change the functions that return the link of processes I will be able to hide one or more process from the user.

I will disconnect the process from the link and I will have a running process outside this linked link.

In the evaluation of rootkit there was another term name bootkit.

Why bootkit:

After the changes that came with windows Vista there was a problem loading unsigned driver in the system.

In Vista and newer operation system there are more restrictions when it come to drivers and kernel mode.

To successfully use rootkit in windows Vista, 8, 8.1 and 10 it need to run on boot time to be able to load into the system

General usage of rootkit: 

  • Hide running processes.
  • Hide files on the system.
  • Make a hidden connection to the internet.
  • Change hardware reporting (CPU speed, CPU heat etc.).
  • Change the computer BIOS.
  • And more…

More about rootkit can be found on our rootkit section or in Wikipedia under rootkit.

The Hidden Process Detector Tool:

The hidden process detector light security tool try to detect hidden running processes in the system. Windows task manager and other default process viewer tool will not be able to show them.

Tool disclaimer and license:

This program is free software. Provided “AS IS” without any warranty. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason from using the software.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.

Without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see GNU Licenses.

Design for windows 10!

Download:

Hidden Process Detector (2676 downloads )

Virus Total Scan Results

Please note: this is a beta version of the tool.

Important note: if it found hidden processes on your system please contact your system administrator.

For bug, comments, suggestion or if needed please contact us under the contact page.

Known Issue:

If you see the vcruntime140.dll is missing you probably need to install the Microsoft Visual C++ Redistributable Packages for Visual Studio 2015.

Hidden Process Detector DLL Error
Hidden Process Detector DLL Error

 

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.