Results 1 to 6 of 6

Thread: Hidden Dlls

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    Oct 2009
    Location
    Clive, IA in America!!!!
    Posts
    204

    Hidden Dlls

    Well,

    I have created a security program that monitors the keystokes\websites\processes... I want to FIRST ask if this is a legal question; for, my purpose in this program is security reasons (eg. following up on employees to make sure that they are doing what they are paid to do. They all know this is running, and have been warned not to go to sites and enter information they do not want reviewed).

    Second, I want this program to be hidden so that techy persons cannot go into task manager and end the process, then go on to some porn site! How could I make this app hidden, or at the very least make it 'un-end-able' from the task manager?

    Much Thanks!

    VBNetDude - Thinking Programmatically
    By Silver Seal Software

    Don't forget to mark your thread as "Resolved" using the Thread Tools menu on top. And don't forget to rate the answers that help you the most!

  2. #2
    PowerPoster cicatrix's Avatar
    Join Date
    Dec 2009
    Location
    Moscow, Russia
    Posts
    3,654

    Re: Hidden Dlls

    This is usually done by assigning user rights.
    If a user is a local admin on a workstation he can do everything he wants there. Yes, even cancelling the group domain policies.

    You cannot hide your process, but you can either make it look as something else or inject your code in some other process (but this would come very close to become a virus / spyware).

    Another option is writing a driver but this is also a realm beyond vb and .net framework.

  3. #3

    Thread Starter
    Addicted Member
    Join Date
    Oct 2009
    Location
    Clive, IA in America!!!!
    Posts
    204

    Re: Hidden Dlls

    Could I create a DLL App or something, to keep the app running, hidden from the TaskManager that way? The reason I ask is because I have been browsing the internet for 'creating hidden apps', and have come accross a few. I even found another program (All-In-One Keylogger) that accomplishes this feat.

    Could it be that I would have to switch to another programming language? I have so much of this written that I would rather not!

    VBNetDude - Thinking Programmatically
    By Silver Seal Software

    Don't forget to mark your thread as "Resolved" using the Thread Tools menu on top. And don't forget to rate the answers that help you the most!

  4. #4
    PowerPoster cicatrix's Avatar
    Join Date
    Dec 2009
    Location
    Moscow, Russia
    Posts
    3,654

    Re: Hidden Dlls

    You cannot hide the process (It can be done only on Win95/98/Me). You make it a windows service but it will nevertheless be present in the process list.
    If you want to hide your keylogger from the task manager you will have to write your own keyboard driver.

  5. #5

    Thread Starter
    Addicted Member
    Join Date
    Oct 2009
    Location
    Clive, IA in America!!!!
    Posts
    204

    Re: Hidden Dlls

    hmmm... NOT GOOD NEWS!

    Well, do you have any last pointers? C++? I might have to call it a night here.

    I do appreciate your help! Thanks!

    VBNetDude - Thinking Programmatically
    By Silver Seal Software

    Don't forget to mark your thread as "Resolved" using the Thread Tools menu on top. And don't forget to rate the answers that help you the most!

  6. #6
    PowerPoster cicatrix's Avatar
    Join Date
    Dec 2009
    Location
    Moscow, Russia
    Posts
    3,654

    Re: Hidden Dlls

    Most keyloggers usually mask themselves to appear something else.
    The process executable is named something like scvhost.exe, winlogin.exe, rundl.exe, llsass.exe etc. But this will stop only less proficient users.

    The key is make your app work at the ring0. And this usually means writing a device driver (or a rootkit).

    Another approach is launching 2 apps and make them watch each other launching them again in case the process is shut down.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width