Trying To Override Basic Windows Executables
After reading what Moshbat posted (thank you for your reply), trying to hide the process may irritate antivirus senses :p which is not good. On the other hand, naming the executable something like "Windows Update Manager" may give my program a more innocent form. Can you name other Windows-based executable names?
If I recall, there's an old issue of hakin9 that covered this topic showing how it can be done. I can't remember the issue number, but if I recall correctly it also has tutorials on WiFi cracking and RFI/LFI, I think it must've been over a year old now.
ah, here's the issue: http://hakin9.org/magazine/580-no-backdoor-try-opening-the-windows
It is much worse than that! If the virus only overrode Windows executables, that would be great! For example, you look at Windows Update and disable this shit [it is much more constructive to track updates and download only what you need; we learn a lot about new vulnerabilities ;)] Worse is when they are loaded as services in SVCHOST! It is loaded with the privileges of the system … And with the Task Manager you never know about anything! :o The only way to know what is happening on the machine is using:
1 - CMD.exe
2 - Type Tasklist /SVC
It'll show you all the services that are being loaded in SVCHOST! It is also very good for refining the system configuration!
Still, I'll write some articles about Windows! :ninja:
RootsBabilonia
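As an added example (not part of the original posts), the Python below reviews the `Tasklist /SVC` listing described above from a defender's side: it groups services per SVCHOST instance and flags processes that borrow the svchost.exe name without hosting a service, or that use a look-alike name. It assumes the CSV form of the output (`tasklist /svc /fo csv`) with English column headers; the sample data, function names and similarity threshold are constructed for illustration.

```python
import csv
import io
from difflib import SequenceMatcher

# Constructed sample of `tasklist /svc /fo csv` output (not from a real host).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","912","DcomLaunch,PlugPlay,Power"
"svchost.exe","1044","RpcEptMapper,RpcSs"
"svchost.exe","4312","N/A"
"scvhost.exe","5120","N/A"
"explorer.exe","3388","N/A"
'''

def parse_tasklist_svc(text):
    """Return [(image, pid, [services])] parsed from the CSV listing."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        svc = rec["Services"].strip()
        services = [] if svc in ("", "N/A") else [s.strip() for s in svc.split(",")]
        rows.append((rec["Image Name"], int(rec["PID"]), services))
    return rows

def services_by_svchost(rows, host="svchost.exe"):
    """Map each service-hosting svchost.exe PID to the services it carries."""
    return {pid: svcs for image, pid, svcs in rows if image.lower() == host and svcs}

def review(rows, host="svchost.exe", threshold=0.8):
    """Flag entries worth a closer look (heuristics, not proof of compromise)."""
    findings = []
    for image, pid, services in rows:
        name = image.lower()
        if name == host and not services:
            # Assumption: a genuine svchost.exe hosts at least one service.
            findings.append((pid, image, "named svchost.exe but hosts no service"))
        elif name != host and SequenceMatcher(None, name, host).ratio() >= threshold:
            findings.append((pid, image, "name imitates svchost.exe"))
    return findings

if __name__ == "__main__":
    rows = parse_tasklist_svc(SAMPLE)
    for pid, svcs in services_by_svchost(rows).items():
        print(f"svchost.exe PID {pid}: {', '.join(svcs)}")
    for pid, image, reason in review(rows):
        print(f"REVIEW PID {pid} ({image}): {reason}")
```

Any flagged PID should then be checked against its on-disk path and signature, since the listing alone carries only names.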