Re: Tool Release: ProcL - Detect Hidden Process
Greetings,

I am glad to release ProcL v1.0. ProcL employs many different methods to detect hidden processes. Essentially, ProcL details and implements a mechanism that embeds all these different approaches in one tool to detect hidden processes. Our methods of detecting hidden processes require the examination of each kernel object: EPROCESS, ETHREAD, handle and job objects. Therefore, we believe ProcL would defeat process concealment based on any one particular method.

Hiding a process is particularly threatening because it represents malicious code running on your system that you are completely unaware of. Process hiding has a significant effect. Many trojan, virus, spyware and rootkit writers use similar techniques to hide themselves and stay undetected as long as possible on target machines. Finding all the ways a rootkit might hide a process is just the first step in defending against rootkits. Detecting hidden objects is a promising new area in rootkit detection.

For more information on the tool:
http://www.scanit.net/rd/tools/03

Download the tool:
http://www.scanit.net/files/tools/ProcL.zip

Cheers,
Pallav Khandhar
Sr. Security Researcher
Scanit R&D Lab
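The post describes a cross-view approach: enumerate processes from several independent kernel object types (the EPROCESS list, ETHREAD owners, handle-table owners, job members) and flag any PID that one view reports but the official process list does not. The block below is an added example of that reconciliation logic, written here as an illustration; it is not ProcL's code and not from the original post. It assumes each view has already been reduced to a set of PIDs (how those sets are collected from kernel memory is platform-specific and out of scope); the sample snapshots and PIDs are constructed, and the function and parameter names are hypothetical. It also handles the usual false-positive source in this technique, a process that exits between two enumerations, by requiring a PID to stay flagged across consecutive snapshots.

```python
# Cross-view hidden-process detection (added example, not ProcL's code).
# Assumption: every "view" is a set of PIDs already reconstructed from one
# kernel object type. The snapshots at the bottom are constructed sample data.
from typing import Dict, List, Set

Views = Dict[str, Set[int]]


def cross_view_diff(views: Views, trusted: str = "process_list") -> Dict[int, List[str]]:
    """Map each PID absent from the `trusted` view to the views that did see it.

    A process unlinked from the EPROCESS list (classic DKOM hiding) still owns
    threads and handles, and may belong to a job, so it surfaces in those views.
    """
    if trusted not in views:
        raise ValueError(f"trusted view {trusted!r} not supplied")
    seen: Dict[int, List[str]] = {}
    for name, pids in views.items():
        for pid in pids:
            seen.setdefault(pid, []).append(name)
    return {pid: sorted(names) for pid, names in seen.items() if trusted not in names}


def confirm_hidden(snapshots: List[Views], trusted: str = "process_list",
                   min_views: int = 1) -> Dict[int, List[str]]:
    """Keep only PIDs flagged in every snapshot and seen by >= min_views other views.

    Enumerations are not atomic: a process that exits between walking the
    handle table and walking the process list looks hidden for one snapshot.
    Requiring persistence across snapshots removes that transient case.
    """
    if not snapshots:
        return {}
    per_snapshot = [cross_view_diff(s, trusted) for s in snapshots]
    common = set(per_snapshot[0])
    for flagged in per_snapshot[1:]:
        common &= set(flagged)
    latest = per_snapshot[-1]
    return {pid: latest[pid] for pid in sorted(common) if len(latest[pid]) >= min_views}


# Constructed sample data: PID 1337 is unlinked from the process list but still
# owns threads and handles and sits in a job; PID 2900 is a process that was
# exiting during the first enumeration and is gone by the second.
SNAPSHOT_1: Views = {
    "process_list":  {4, 372, 612, 1180, 2044},
    "thread_owners": {4, 372, 612, 1180, 2044, 1337},
    "handle_owners": {4, 372, 612, 1180, 2044, 1337, 2900},
    "job_members":   {1180, 1337},
}
SNAPSHOT_2: Views = {
    "process_list":  {4, 372, 612, 1180, 2044},
    "thread_owners": {4, 372, 612, 1180, 2044, 1337},
    "handle_owners": {4, 372, 612, 1180, 2044, 1337},
    "job_members":   {1180, 1337},
}


def report(snapshots: List[Views]) -> List[str]:
    """Human-readable lines for each confirmed hidden PID."""
    return [f"PID {pid}: missing from process list, seen via {', '.join(views)}"
            for pid, views in confirm_hidden(snapshots).items()]


if __name__ == "__main__":
    for line in report([SNAPSHOT_1, SNAPSHOT_2]):
        print(line)
```

A single snapshot flags both 1337 and 2900; only 1337 survives the two-snapshot confirmation. In a real collector the trusted view would be the EPROCESS list and the other sets would come from walking the thread list, handle tables and job objects directly, which is the work the post describes ProcL doing.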
