
Thread: Invisible processes (from handles) / Copy SBI to Clipboard

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    6

    Invisible processes (from handles) / Copy SBI to Clipboard

    "The list on the left contains" some PIDs from:
    Invisible processes (from handles)
    [Right Click] on a PID offers:
    Copy SBI to Clipboard
    but the only thing it fetches is:
    File:"<$FILE_EXE>",""

  2. #2
    PepiMK (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Arg, not nice, but kind of logical, because for a hidden process, it's often difficult to impossible to determine its filename.

    Any suggestions on how to deal with hidden processes (question to everyone)?

    As a start, I've added this feature request, which would at least allow getting hold of the file (well, a dumped copy, but it should be quite close to the original).

    (update: if the detail window already shows, you can probably "guess" the filename by looking at the name of the first loaded module on the Modules tab)
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  3. #3
    Junior Member
    Join Date
    May 2008
    Posts
    6

    Quote: Originally posted by PepiMK
    ... (update: if the detail window already shows, you can probably "guess" the filename by looking at the name of the first loaded module on the Modules tab) ...
    Ugh, nice tip.

    RootAlyzer_0.2.0.32 finds two "Invisible processes (from Handles)".
    Double-click shows no module, i.e. nothing. OK, let it keep running and start the newest RootAlyzer in addition.
    RootAlyzer_0.2.1.35 finds the same processes and a third one.
    Double-click works (for this feature).
    The first module all three times is "RootAlyzer.exe", the filename of RootAlyzer_0.2.1.35. (Yes, my "RootAlyzer.exe" files have different filenames, reflecting their version etc., so I can distinguish between them.)

    Maybe the "third" process is RootAlyzer_0.2.1.35,
    maybe the "second" process is RootAlyzer_0.2.0.32,
    because they change with every new run of the RootAlyzers.
    But what is the "first" process? It is always the same process ID, even if RootAlyzer has finished and is started again. No other RootAlyzer is running (if Task Manager doesn't lie). And the first module of this process is at all times the filename of the actual started RootAlyzer (file renaming works fine).
    The list of modules seemed to be identical to those of the second and third processes, which started and died with every running RootAlyzer.

    BTW: I tried the buttons in RootAlyzer_0.2.1.35 after DoubleClick a process ID:
    [Terminate] has no effect.
    [Save as file] mentioned: Error: Could not dump the memory contents of process 0 to a file.
    (And yes, I tried all three process IDs I fetch.)

    (BTW: if you need details, send email in German, my mother tongue)
