How to hide a process in Linux ???

rockthegod · 11-06-2005, 11:50 AM

Hi all...
Can neone tell me how to hide any process in Linux from <ps -aux > command. ???????????????????

GNUrag · 11-06-2005, 12:16 PM

You cannot hide a process.
Why do you need to hide a process anyways?

rockthegod · 11-06-2005, 12:56 PM

actually I hv seen a person hiding a particular process..there may be a command/program/hack nething.. probably which can hide a particular process tht u r currently running...tht person is not ready to disclose the tweak..so i am searching a hell lot for it.. even in windows thr is particular registry tweak which can hide a process from task manager...

GNUrag · 11-06-2005, 04:20 PM

You can interrupt a process, you can kill a process, you can make a process sleep, you can stop a process

But you CANNOT hide a process. What your friend might have done is done some trick to fool off you people.

Note that, $ ps -ax is an incorrect syntax, and does not show complete process listing.

Just have a look at this small example that i have written:

Code:

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
  int i;
  for(i = 0; i < argc; i++)
    memset(argv[i], 0, strlen(argv[i]));
  for(;;);
}

what this does is destroys the argument table generated by executing the program. now if you go and view the file /proc/pid/cmdline then you'll notice that this file is empty since we destroyed argv variable.

compile and execute this program by:
$ gcc -o phide phide.c
# ./phide

now if you give $ ps aux then nothing would be shown.. However you can still view the program's listing by :

$ ps -u anurag -U anurag
replace anurag with the username who is executing the program. and you'll find the process phide listed.

Ask your friend to prove the he can hide processes for real or if he's playing some hiding trick.

rockthegod · 11-06-2005, 06:51 PM

thanx 4 the comprehensive info. Actually suppose u r working on a particular linux rig as a authentic user but not the administrator and u wanna run a process and don't want the admin to know tht such a process is running..even if he suspects tht a process is running in the background and he tries to list the processes tht is actually running on the rig by executing ps -aux command .

My friend actually showed me this thing happening on his machine. He was running a program <new.out> by executing <./new.out> so the process list showed <./new.out> running and then he did tht tweak and then even though the process was running , the linux task manager showed no such processes running. No..dont think tht I meant to do nething iilegal/forbidden.. its just a craze to know the tweak..thats all.

r0xx · 17-06-2005, 04:45 PM

Its not that difficult to hide processes. One way to do it is through syscall hijacking. Check the following link on rootkits. http://www.section6.net/wiki/index.p...el_Compromises

e-freak · 17-06-2005, 09:49 PM

Do you mean running a process in the background?

rockthegod · 18-06-2005, 06:25 PM

yup, the process will run in the background. Thanx roxx 4 ur website link.

r0xx · 19-06-2005, 03:25 PM

np rockthegod. This should be easier on linux 2.4 rather than on 2.6 kernel.

e-freak · 19-06-2005, 03:33 PM

I guess u can run processes in the background bu adding a "&" in the end of the command.

rockthegod · 20-06-2005, 03:54 PM

@e-freak: No No No. I didn't mean that "background" .... I meant tht the process
should run in the background but would not be visible in the "Task Manager"
of Linux in any case.

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine