
Add NtQuerySystemInformation Hook

Open ghost opened this issue 3 years ago • 2 comments

Some malware samples hide themselves from process lists by hooking the NtQuerySystemInformation function. I have not written this myself, but if any ideas are needed, this is one of them. I do not have my own code to contribute for this, so I will provide you with a link for reference.

Windows API Hooking - Hide Process from Task Manager tutorial

ghost, Jul 19 '22 01:07

Good idea. We will review this at a later time.

vxunderground, Aug 02 '22 22:08

This has been reviewed. This requires a DLL. This has been accepted and will be implemented in a later version.

vxunderground, Nov 03 '22 03:11