detect hidetool

[connected]

dear enigmaprotector

I am very happy to use enigmaprotector, i use to protect my private server game , and its running good.
but now the player can hide their cheat programs with hidetool [look my attach].
I do not know how to detect hidetool, because hidetool undetectable in process running
I hope enigmaprotector can solve my problem, by finding the best solution


thank be 4

eko pribadi
this is link of hidetoolz
http://www.mediafire.com/?y2eqossxq3msv83

[Enigma]

Hi Eko, I have got your emails!

Yes, there is a method to detect hidetoolz, I will try to implement it as soon as possible.

Please refer this thread, I will update it soon!

[connected]

Hi Eko, I have got your emails!

Yes, there is a method to detect hidetoolz, I will try to implement it as soon as possible.

Please refer this thread, I will update it soon!

thank boss for fast reply

[Enigma]

Finally we have implemented a method that allows to detect hidden processes.

There is an experimental demo version for who is interesting to test new features:
http://enigmaprotector.com/assets/files ... mo_exp.exe

Some info:
There are not so much methods to detect hidden process from user mode, so there are some restrictions.
Enigma Protector can't detect a file name for hidden processes, so you have to disable checking of process file name and check it only by window text and class.
for example, to detect a HideToolz itself, you have to add an item to Executed Process checkup and:
DISABLE file name
ENABLE window text and set the text something like *hidetoolz*
DISABLE window class (or ENABLE and set to obj_form).

There is also added new feature - Treminate if hidden process found. If this option enables, and any hidden process is found, then application will not start.

Suggestions are always welcome.

[Mulegend]

Dont works, cuz HideToolz, Hide Process, Window, and protect Windows hooks..
i use this function coded by i dont know.. but works fine..

Code: Select all

void Detect()
{
DWORD dwProcId;
    HWND hWnd;
    ProcInfo mProc[255];
    int mIdList[255];
    int nCount = 0;
    int nPID = 0;
    int i = 0;
	hWnd = FindWindow(0,0);

    while( hWnd > 0)
    {
        if (GetParent(hWnd) == 0)
        {
            GetWindowThreadProcessId(hWnd, &dwProcId);
            if (!OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcId))
            {
		mProc[nCount].hWnd = hWnd;
                mProc[nCount].dwProcId = dwProcId ;
                nCount++;

                for (i = 0; i < nPID; i++)
                    if (dwProcId == mIdList[i])
                        break;

                if (i == nPID) 
                     mIdList[nPID++] = dwProcId; 
            }
        }
        hWnd = GetWindow(hWnd, GW_HWNDNEXT);
    }
    if (nCount > 0)
    {
		SendMessageA(mProc[i].hWnd, WM_CLOSE, 0, 0);    // 1. Close
        SendMessageA(mProc[i].hWnd, WM_QUIT, 0, 0);     // 2. Quit
		SendMessageA(mProc[i].hWnd, WM_DESTROY, 0, 0);  // 3. Destroy
        EndTask(mProc[i].hWnd, FALSE, TRUE);            // 4. EndTask
    }
}

[Enigma]

Hi Mulegend, Enigma is using something similar. The detection of hidetoolz and hidden processes is not implemented in the DEMO version that is located on the site. If you want, I can send you a link to the latest unofficial DEMO version, so you may test..

[Mulegend]

i test a old demo and i like it, is a good protector..
but if your oficial versionn detect hidetoolz, i will buy it...
sendme a link of a demo...
please..

[Enigma]

I've sent you a link in PM, please test!

[Mulegend]

Ok i test it works fine, i send back another PM with a details..

thanks

[osa3do]

i try to test a Demon Version but every time i try to open The Enigma Protector my anti virus is found virus on it trojan horse
sheu3.bxgm virus so i cant open it :S :S :S
please fixed this problem my anti virus avg internet security 2011