Views: 4395  Replies: 14
Can anyone find me a function for hiding a process?
And also, how do I add my own value to the registry?
#1
Posted: 2004-04-10 16:41
Here is the code for modifying the registry:

```cpp
#include <windows.h>

// The original post does not define KPIN1; a 16-byte sample value is assumed here.
// For REG_SZ the byte count handed to RegSetValueEx must include the terminating NUL,
// so 15 characters plus the NUL fill the 16 bytes exactly.
static const char KPIN1[16] = "0123456789ABCDE";

void WriteRegValue()
{
    HKEY hkey;
    DWORD type_1 = REG_SZ;
    LPCSTR path = "SOFTWARE";
    // Opening HKLM for writing needs administrator rights; otherwise this fails with ERROR_ACCESS_DENIED.
    long ret = ::RegOpenKeyExA(HKEY_LOCAL_MACHINE, path, 0, KEY_WRITE, &hkey);
    if (ret != ERROR_SUCCESS) {
        return;
    }
    // Reserved parameter must be 0; the data is passed as raw bytes with its length.
    ret = ::RegSetValueExA(hkey, "rind1", 0, type_1, (const BYTE*)KPIN1, sizeof(KPIN1));
    // Close the key whether or not the write succeeded, so the handle is not leaked.
    ::RegCloseKey(hkey);
}
```
#2
Posted: 2004-04-10 16:44
Here's the “function” you asked for!
Platform SDK: DLLs, Processes, and Threads

CreateProcess

The CreateProcess function creates a new process and its primary thread. The new process runs the specified executable file in the security context of the calling process.

If the calling process is impersonating another user, the new process uses the token for the calling process, not the impersonation token. To run the new process in the security context of the user represented by the impersonation token, use the CreateProcessAsUser or CreateProcessWithLogonW function.

```c
BOOL CreateProcess(
  LPCTSTR lpApplicationName,
  LPTSTR lpCommandLine,
  LPSECURITY_ATTRIBUTES lpProcessAttributes,
  LPSECURITY_ATTRIBUTES lpThreadAttributes,
  BOOL bInheritHandles,
  DWORD dwCreationFlags,
  LPVOID lpEnvironment,
  LPCTSTR lpCurrentDirectory,
  LPSTARTUPINFO lpStartupInfo,
  LPPROCESS_INFORMATION lpProcessInformation
);
```

Parameters

lpApplicationName [in]
Pointer to a null-terminated string that specifies the module to execute. The specified module can be a Windows-based application. It can be some other type of module (for example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.

The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a partial name, the function uses the current drive and current directory to complete the specification. The function will not use the search path. If the file name does not contain an extension, .exe is assumed. Therefore, if the file name extension is .com, this parameter must include the .com extension.

The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space-delimited token in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities in the following order:

    c:\program.exe files\sub dir\program name
    c:\program files\sub.exe dir\program name
    c:\program files\sub dir\program.exe name
    c:\program files\sub dir\program name.exe

If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by lpCommandLine should specify the executable module as well as its arguments.

lpCommandLine [in, out]
Pointer to a null-terminated string that specifies the command line to execute. The maximum length of this string is 32K characters. The Unicode version of this function, CreateProcessW, will fail if this parameter is a const string.

The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the command line.

If both lpApplicationName and lpCommandLine are non-NULL, the null-terminated string pointed to by lpApplicationName specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as the first token in the command line.

If lpApplicationName is NULL, the first white-space
#3
Posted: 2004-04-10 16:45
If there's anything you don't understand, I also have the ENGLISH version.
#4
Posted: 2004-04-10 16:47
OK, thanks.
#5
Posted: 2004-04-12 09:10
A function for hiding a process??
Under 9X, RegisterServiceProcess. Under 2K/XP, either hook ZwQuerySystemInformation or directly modify the kernel's process list; see the article I published on CSDN.
#6
Posted: 2004-04-14 14:26
moonYut, that's pure nonsense.
There are plenty of process-hiding methods online: hooks, remote thread injection, registering as a system service (98), an empty process name (TASKMON can't display it), driver-level hooks on the native API. All of them work. But CreateProcess definitely cannot.
#7
Posted: 2004-12-09 10:50
A function for hiding a process?? Could you give a link to the article? I'm interested in this but can't find it. Thanks!
#8
Posted: 2004-12-11 16:48
Can a process really be hidden completely? Short of rewriting the kernel functions involved in process scheduling, you can't hide it well at all; it gets found almost casually. The process-hiding methods around today all feel like self-deception...
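As an added example, not code from this thread (and not from the CSDN article mentioned in #5): the filtering step of the ZwQuerySystemInformation hook that #5 describes, run over a constructed SystemProcessInformation-style buffer, followed by the cross-view comparison that makes the kind of hiding #8 calls self-deception easy to spot. The proc_info_t layout is a simplified stand-in for SYSTEM_PROCESS_INFORMATION, the four process records are constructed for the demo, and all function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for SYSTEM_PROCESS_INFORMATION (assumed for this demo; the real struct is
 * far larger). The splice relies only on NextEntryOffset coming first, 0 marking the last record. */
typedef struct {
    uint32_t NextEntryOffset;   /* bytes from this record to the next, 0 = last */
    uint32_t UniqueProcessId;
    char     ImageName[16];     /* a UNICODE_STRING in the real structure */
} proc_info_t;

static proc_info_t *next_record(proc_info_t *cur, const uint8_t *buf, size_t len)
{   /* follow NextEntryOffset without stepping outside [buf, buf+len) */
    size_t pos = (size_t)((const uint8_t *)cur - buf), off = cur->NextEntryOffset;
    if (off == 0 || off < sizeof *cur || pos + off + sizeof *cur > len) return NULL;
    return (proc_info_t *)((uint8_t *)cur + off);
}

/* Filtering step of a ZwQuerySystemInformation(SystemProcessInformation) hook: once the original
 * call has filled the caller's buffer, splice out every record whose image name matches. Nothing
 * is moved; the previous record's offset is bumped past the hidden one. The head (PID 0, the
 * Idle process) has no predecessor and is never removed. Returns the number of records hidden. */
size_t hide_by_name(uint8_t *buf, size_t len, const char *name)
{
    proc_info_t *prev = NULL, *cur = (proc_info_t *)buf;
    size_t removed = 0;
    while (cur != NULL) {
        proc_info_t *next = next_record(cur, buf, len);
        if (prev == NULL || strncmp(cur->ImageName, name, sizeof cur->ImageName) != 0)
            prev = cur;                     /* kept: becomes the predecessor of whatever follows */
        else {
            prev->NextEntryOffset = next ? prev->NextEntryOffset + cur->NextEntryOffset : 0;
            removed++;
        }
        cur = next;
    }
    return removed;
}

/* PIDs a caller of the (possibly hooked) API would see. Returns the total, fills up to max. */
size_t visible_pids(uint8_t *buf, size_t len, uint32_t *out, size_t max)
{
    size_t n = 0;
    for (proc_info_t *cur = (proc_info_t *)buf; cur; cur = next_record(cur, buf, len)) {
        if (n < max) out[n] = cur->UniqueProcessId;
        n++;
    }
    return n;
}

static int contains(const uint32_t *a, size_t n, uint32_t v) { while (n--) if (a[n] == v) return 1; return 0; }

/* Cross-view check, the reason a hook like this is easy to catch: a PID present in an independent
 * enumeration (OpenProcess brute force over the PID range, a PspCidTable walk, a kernel debugger)
 * but missing from the API's answer has been hidden. */
size_t cross_view_hidden(const uint32_t *all, size_t n_all, const uint32_t *seen, size_t n_seen,
                         uint32_t *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < n_all; i++)
        if (!contains(seen, n_seen, all[i])) { if (n < max) out[n] = all[i]; n++; }
    return n;
}

/* Constructed sample list standing in for the original call's output. Records are padded unevenly
 * on purpose: real ones carry a variable thread array, so walk by offset, never by fixed stride. */
uint8_t *build_sample_list(size_t *len_out)
{
    static const struct { uint32_t pid; const char *name; uint32_t pad; } rows[] = {
        { 0, "Idle", 0 }, { 4, "System", 8 }, { 1234, "rootkit.exe", 16 }, { 2048, "explorer.exe", 0 },
    };
    const size_t n = sizeof rows / sizeof rows[0];
    uint8_t *buf = calloc(1, 256);
    size_t off = 0;
    if (buf == NULL) return NULL;
    for (size_t i = 0; i < n; i++) {
        proc_info_t *p = (proc_info_t *)(buf + off);
        size_t size = sizeof *p + rows[i].pad;
        p->UniqueProcessId = rows[i].pid;
        strncpy(p->ImageName, rows[i].name, sizeof p->ImageName - 1);
        p->NextEntryOffset = (i + 1 < n) ? (uint32_t)size : 0;
        off += size;
    }
    *len_out = off;
    return buf;                             /* caller frees */
}

int main(void)
{
    size_t len, n_all, n_seen, n_hidden;
    uint32_t all[8], seen[8], hidden[8];
    uint8_t *buf = build_sample_list(&len);
    if (buf == NULL) return 1;
    n_all = visible_pids(buf, len, all, 8);     /* independent view, taken before the hook filters */
    printf("hid %zu record(s)\n", hide_by_name(buf, len, "rootkit.exe"));
    n_seen = visible_pids(buf, len, seen, 8);
    n_hidden = cross_view_hidden(all, n_all, seen, n_seen, hidden, 8);
    printf("API shows %zu of %zu processes; cross-view flags %zu hidden, first PID %u\n",
           n_seen, n_all, n_hidden, n_hidden ? hidden[0] : 0);
    free(buf);
    return 0;
}
```

In a real rootkit the hook itself lives in a driver that redirects the ZwQuerySystemInformation service entry; only the buffer-rewriting step is shown here. The second half is the check an anti-rootkit tool such as the IceSword mentioned in #9 relies on: compare the API's view with a lower-level enumeration and report whatever is missing.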
#9
Posted: 2007-04-07 13:47
"all feel like self-deception..."
---- Then what do you expect? Even ordinary hiding is very meaningful. How many users even know about IceSword? Of the ten people around me, all ten have no idea such a thing exists. You only know because you're in this circle.
#10
Posted: 2007-08-13 22:40
#11
Posted: 2007-08-14 00:29
Quoting #9, zhouhongyun, posted 2007-04-07 13:47: Completely agree.
#12
Posted: 2007-08-20 16:17
Remote thread injection.
#13
Posted: 2007-09-13 10:10
The user has been banned; this post is automatically hidden!
#14
Posted: 2009-05-01 12:52
Hiding isn't a good idea; antivirus software is far too aggressive nowadays. Better to use a guardian process instead.