vxunderground / VX-API

Collection of various malicious functionality to aid in malware development
https://twitter.com/vxunderground
MIT License

Add NtQuerySystemInformation Hook #4

Open ghost opened 2 years ago

ghost commented 2 years ago

Some malware samples hide themselves from process lists by hooking the NtQuerySystemInformation function. I have not written this myself, but if any ideas are needed, this is one of them. I do not have my own code to contribute for this, so I will provide you with a link for reference.

Windows API Hooking - Hide Process from Task Manager tutorial

vxunderground commented 2 years ago

Good idea. We will review this at a later time.

vxunderground commented 1 year ago

This has been reviewed. This requires a DLL. This has been accepted and will be implemented in a later version.