From: Ray Arachelian <sunder@dorsai.dorsai.org>
To: Jean-Francois Avon <jf_avon@citenet.net>
Message Hash: 3bc7b5799834d5a503bd26ee71f392e810da73c73672df8e387461e8bf069e2f
Message ID: <Pine.SUN.3.91.960202135824.18690B-100000@dorsai>
Reply To: <9602010555.AA19695@cti02.citenet.net>
UTC Datetime: 1996-02-02 20:37:40 UTC
Raw Date: Sat, 3 Feb 1996 04:37:40 +0800
Subject: Re: Active processes monitoring?
On Thu, 1 Feb 1996, Jean-Francois Avon wrote:
> Hi!
>
> I'm running on a first generation 486 ISA 4meg ram Win 3.11
> I use realdeal /commercial and wipeswap.exe in an *.bat that launches Win3.11
> How can I detect if another process is running on my system?
> I use MEM /c in a dos window. But is that sufficient?
> Can a hidden process detect MEM loading and hide itself somehow?
>
> Are there other applications like MEM that are not as universal?
> (here, I guess that such stealth behaviour has to rely on identifying the
> program being loaded, thus, a less common program has less chance of
> being fooled)
Mem /C doesn't do squat under 95... don't know about 3.11.... since each
DOS box runs in its own space, MEM /C cannot see what processes are
running in Windoze.
==========================================================================
+ ^ + | Ray Arachelian |Emptiness is loneliness, and loneliness| _ |>
\|/ |sunder@dorsai.org|is cleanliness and cleanliness is god-| \ |
<--+-->| |liness and god is empty, just like me,| \|
/|\ | Just Say |intoxicated with the maddness, I'm in| <|\
+ v + | "No" to the NSA!|love with my sadness. (Pumpkins/Zero)| <| n
===================http://www.dorsai.org/~sunder/=========================