2006-12-27 11:07:34 · 2 answers · asked by Haruhi 1 in Computers & Internet ➔ Security
Yes, it can be done. Yes, it's not exactly trivial and requires some programming skills. It's not done by editing the Registry, though.
Basically, one uses the NtQuerySystemInformation API to get a list of the currently running processes (the Task Manager uses this list). Then one walks the list, looking for the process one wants to hide. Once found, the process is "unlinked" from the list. This will not prevent it from running - but it will prevent the Task Manager from showing it.
This is the standard technique. Most rootkit revealers can detect processes hidden this way, though.
2006-12-27 21:35:08 · answer #1 · answered by Vesselin Bontchev 6 · 0⤊ 0⤋
Yes, it's possible. The best keylogging programs are undetectable in task manager. That would require some very sophisticated programming skill or registry editing. If you're asking this question... It can't be done by you.
(Not meant as an insult. It can't be done by me either. Requires some very specialized skills.)
2006-12-27 12:37:49 · answer #2 · answered by antirion 5 · 0⤊ 0⤋