  1. #1
    Join Date
    Jan 2006
    Posts
    1

    Hiding process from SoftIce

    I need to hide a process from SoftIce - is it possible?
    All the variants I have found cannot do it. What do the gurus think about this?

  2. #2
    Join Date
    Oct 2005
    Location
    Bangalore
    Posts
    1,051

    Re: Hiding process from SoftIce

    hi .....


    this works for Win 95.... but for the other OS not sure :-D
    hope this code snippet helps ya....

    Code:
    Function call

            RegisterService(1);  // hide the thing!!!

    Put this in your header file

            #include <windows.h>

            // Hide program (registers it as a service process)
            typedef DWORD (__stdcall *TRegis)(DWORD, DWORD);

            int RegisterService(int);                               // hide

    //---------------------------------------------------------------------------
    int RegisterService(int Reg)
    {
       HINSTANCE hKrnl32;
       TRegis RegisterServiceProcess;
       // This is the location of the kernel32.dll file.  It should default to
       // the windows\system directory.
       LPCTSTR RspDllName = TEXT("C:\\Windows\\System\\Kernel32.dll");
       // GetProcAddress always takes an ANSI name, so this is LPCSTR, not LPCTSTR
       LPCSTR RspName = "RegisterServiceProcess";
       DWORD Ret = 0;

       // Load the kernel32.dll file
       hKrnl32 = LoadLibrary(RspDllName);
       if (hKrnl32 == NULL)
       {
          return 0;
       }

       RegisterServiceProcess = (TRegis) GetProcAddress(hKrnl32, RspName);
       if (RegisterServiceProcess != NULL)
       {
          // When you register the process it will not show up in the
          // ctrl+alt+del. When you unregister it, it will show up.
          // A process ID of 0 means the current process.
          Ret = RegisterServiceProcess(0, Reg);
       }

       // Release the library whether or not the export was found
       FreeLibrary(hKrnl32);
       return Ret;
    }
    regards...

  3. #3
    Join Date
    May 2004
    Posts
    28

    Re: Hiding process from SoftIce

    I guess you could somehow hide it from being detected by SoftICE, but what about other debuggers where you explicitly launch a process right in the debugger IDE? Like OllyDbg for instance. Also, inserting code to detect the presence of SoftICE is rather pointless as well, because there are of course other plug-ins/tools to hide SoftICE from being detected.

    I'm just giving the facts, and the facts state "You can run but you can't hide"
    Last edited by Xatrix; January 16th, 2006 at 11:36 AM.
