News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

How 2 restore link pointer?

Started by EvilMonster, July 31, 2007, 10:11:19 AM

Previous topic - Next topic

EvilMonster

As we all know, programs like Gamguard and some programs uses DKOM (Direct Kernel Object Manipulation) method to hide themself. DKOM relies on unlinking the EPROCESS link pointers. So if i want to unhide them, i need to restore the link pointer so that it could show up on Process Explorer. The thing is i dont know how to restore the link pointer. Is there anyone that could give me a tutorial on how to restore the link pointer? Thx :bg

hutch--

Monster,

I think you need to read the forum rules before you make a post of this type.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

P1

Quote from: EvilMonster on July 31, 2007, 10:11:19 AMIs there anyone that could give me a tutorial on how to restore the link pointer?
Uninstall the software will restore the links.  M$ does not support this kind of manipulations of the OS. 
Quote from: M$ EULA1.   GRANT OF LICENSE. This EULA grants you the following limited, non-exclusive rights:
* Software Product. You may install and use the enclosed SOFTWARE PRODUCT on a single computer to design, develop,
and test software application products for use with
Microsoft Windows or Windows NT operating systems ("Application").

We develope "Application"(s), according to permitted extensions of the user shell and 'as well as other intellectual property laws'.

Regards,  P1   :8)