As we all know, programs like Gamguard and some programs uses DKOM (Direct Kernel Object Manipulation) method to hide themself. DKOM relies on unlinking the EPROCESS link pointers. So if i want to unhide them, i need to restore the link pointer so that it could show up on Process Explorer. The thing is i dont know how to restore the link pointer. Is there anyone that could give me a tutorial on how to restore the link pointer? Thx :bg
Monster,
I think you need to read the forum rules before you make a post of this type.
Quote from: EvilMonster on July 31, 2007, 10:11:19 AMIs there anyone that could give me a tutorial on how to restore the link pointer?
Uninstall the software will restore the links. M$ does not support this kind of manipulations of the OS.
Quote from: M$ EULA1. GRANT OF LICENSE. This EULA grants you the following limited, non-exclusive rights:
* Software Product. You may install and use the enclosed SOFTWARE PRODUCT on a single computer to design, develop,
and test software application products for use with Microsoft Windows or Windows NT operating systems ("Application").
We develope "Application"(s), according to permitted extensions of the user shell and 'as well as other intellectual property laws'.
Regards, P1 :8)