Hi there.

I'm creating a simple anti-cheat program for my game that kills most game cheating programs. (ex: WPE, Cheat Engine, etc.)

But I got stucked when trying to kill hidden processes. Say a program called "HideToolz". it can hide cheating programs from the process list, so that my anti-cheat program cannot detect it. (well, HideToolz can hide any other non-cheating related programs, too.)

And HideToolz itself is hidden from the process list in the Windows Task Manager, so that my program cannot block neither kill the process.

So, is there a way to detect and kill it? I'm using C#. but it would be okay if someone knows how to do this in C++ as I understand both languages.

Thanks.

I don't know how HideToolz works, but can you try to get all processes with name "your process name you want to kill" and loop on their IDs and kill them using Process.Kill which in System.Diagnostics

It doesn't work. HideToolz (and programs hid by HideToolz) doesn't listed in the array. I've also tried to use some other task/process management tool, but no luck, hidetoolz still cant be seen by them.

You can get a copy of HideToolz by searching on google.

So, don't use it, and you can run process without showing its GUI to the user!

Don't use what? I'm avoiding my players from using it.
I just finding out how to detect and kill hidden processes. in this case, HideToolz.

mmmmm, I'll think in this using C++, give me sometime..

so..
solved it already?

It may help http://www.autoitscript.com/forum/in...howtopic=66397

I need the C#/C++ implementation >.< not autoit scripts

There is not much documentation about hiding processes , try searching for antirootkit sources . But i dont think someone will code it in c# .
Here is an example of a very good russian hiden process detector :
http://www.wasm.ru/pub/21/files/phunter.rar its writen in delphi. Btw , here is a tutorial how to do the same with winapi , its in russian ,but try using google translate http://www.winblog.ru/2006/07/27/27070601.html =)
Maybe u'l find something usefull.