# How to hide a process in Linux?



## rockthegod (Jun 11, 2005)

Hi all...
Can anyone tell me how to hide any process in Linux from the `ps -aux` command?


----------



## GNUrag (Jun 11, 2005)

You cannot hide a process. 
Why do you need to hide a process anyways?


----------



## rockthegod (Jun 11, 2005)

Actually I have seen a person hiding a particular process. There may be a command/program/hack, anything, probably, which can hide a particular process that you are currently running. That person is not ready to disclose the tweak, so I am searching a hell of a lot for it. Even in Windows there is a particular registry tweak which can hide a process from Task Manager...


----------



## GNUrag (Jun 11, 2005)

You can interrupt a process, you can kill a process, you can make a process sleep, you can stop a process.

But you CANNOT hide a process. What your friend might have done is some trick to fool you people.

Note that `$ ps -ax` is an incorrect syntax, and does not show complete process listing.

Just have a look at this small example that I have written:

```
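#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* memset, strlen */

int main(int argc, char *argv[])
{
  int i;
  /* Overwrite every argument string, argv[0] included, with NUL bytes. */
  for(i = 0; i < argc; i++)
    memset(argv[i], 0, strlen(argv[i]));
  /* Spin forever so the process stays in the process table. */
  for(;;);
}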
```

What this does is destroy the argument table generated by executing the program. Now if you go and view the file `/proc/pid/cmdline` then you'll notice that this file is empty, since we destroyed the argv variable.

Compile and execute this program with:

```
$ gcc -o phide phide.c
# ./phide
```

Now if you run `$ ps aux` then nothing would be shown. However, you can still view the program's listing with:

`$ ps -u anurag -U anurag`

Replace anurag with the username of the user who is executing the program, and you'll find the process phide listed.

Ask your friend to prove that he can hide processes for real, or whether he's playing some hiding trick.


----------
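
Added example, not part of any post in this thread: a small checker an administrator could run to spot the argv-zeroing trick from the program above. It assumes procfs returns the zeroed argument region as NUL bytes while kernel threads and zombies return a zero-length `cmdline`; the names `classify_cmdline`, `slurp` and `scan_proc` are made up for this sketch.

```c
/* Added example, not from the thread. Assumption: a zeroed argv reads back as
 * NUL bytes; kernel threads and zombies give a zero-length cmdline. */
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>

enum { CMD_EMPTY, CMD_WIPED, CMD_NORMAL };

/* Classify the raw bytes read from /proc/<pid>/cmdline. */
int classify_cmdline(const unsigned char *buf, size_t len)
{
    if (len == 0) return CMD_EMPTY;          /* nothing to read at all */
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0) return CMD_NORMAL;  /* at least one real character */
    return CMD_WIPED;                        /* bytes present, every one NUL */
}
/* Read up to cap bytes of a procfs file; returns 0 if it cannot be opened. */
static size_t slurp(const char *path, void *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    size_t n = f ? fread(buf, 1, cap, f) : 0;
    if (f) fclose(f);
    return n;
}
/* Walk /proc, print each PID with a wiped cmdline, return how many. */
int scan_proc(void)
{
    DIR *d = opendir("/proc");
    struct dirent *e;
    int hits = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        char path[300], comm[64];
        unsigned char buf[4096];
        if (!isdigit((unsigned char)e->d_name[0])) continue;
        snprintf(path, sizeof path, "/proc/%s/cmdline", e->d_name);
        size_t n = slurp(path, buf, sizeof buf);
        if (classify_cmdline(buf, n) != CMD_WIPED) continue;
        snprintf(path, sizeof path, "/proc/%s/comm", e->d_name);
        comm[slurp(path, comm, sizeof comm - 1)] = '\0';
        comm[strcspn(comm, "\n")] = '\0';    /* drop the trailing newline */
        printf("pid %s: argv zeroed, comm=%s\n", e->d_name, comm);
        hits++;
    }
    closedir(d);
    return hits;
}
int main(void) { return scan_proc() < 0; }
```

The kernel keeps the executable name in `/proc/<pid>/comm` independently of argv, so the flagged process is still identified by name.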



## rockthegod (Jun 11, 2005)

Thanks for the comprehensive info. Actually, suppose you are working on a particular Linux rig as an authentic user but not the administrator, and you want to run a process and don't want the admin to know that such a process is running, even if he suspects that a process is running in the background and he tries to list the processes that are actually running on the rig by executing the `ps -aux` command.

My friend actually showed me this thing happening on his machine. He was running a program `new.out` by executing `./new.out`, so the process list showed `./new.out` running, and then he did that tweak, and then even though the process was running, the Linux task manager showed no such process running. No, don't think that I meant to do anything illegal/forbidden. It's just a craze to know the tweak, that's all.


----------



## r0xx (Jun 17, 2005)

It's not that difficult to hide processes. One way to do it is through syscall hijacking. Check the following link on rootkits: www.section6.net/wiki/index.php/Detecting_Kernel-Level_Compromises


----------



## e-freak (Jun 17, 2005)

Do you mean running a process in the background?


----------



## rockthegod (Jun 18, 2005)

Yup, the process will run in the background. Thanks roxx for your website link.


----------



## r0xx (Jun 19, 2005)

np rockthegod. This should be easier on linux 2.4 rather than on 2.6 kernel.


----------



## e-freak (Jun 19, 2005)

I guess you can run processes in the background by adding a "&" at the end of the command.


----------



## rockthegod (Jun 20, 2005)

@e-freak: No No No. I didn't mean that "background" .... I meant that the process should run in the background but would not be visible in the "Task Manager" of Linux in any case.


----------

