C
C#5mo ago
peep

Process Hacker string remover

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

class Program
{
// PInvoke declarations for Win32 API functions
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint dwSize, out int lpNumberOfBytesWritten);

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool CloseHandle(IntPtr hObject);

const uint PROCESS_ALL_ACCESS = 0x1F0FFF;

static void Main(string[] args)
{
Console.WriteLine("Process ID girin:");
if (!int.TryParse(Console.ReadLine(), out int processId))
{
Console.WriteLine("Geçersiz Process ID.");
return;
}

Console.WriteLine("Adres (hex formatında, örneğin 0x12345678):");
string addressInput = Console.ReadLine();
if (!addressInput.StartsWith("0x", StringComparison.OrdinalIgnoreCase) ||
!long.TryParse(addressInput.Substring(2), System.Globalization.NumberStyles.HexNumber, null, out long address))
{
Console.WriteLine("Geçersiz adres formatı.");
return;
}

IntPtr addressPtr = new IntPtr(address);

Console.WriteLine("Uzunluk:");
if (!uint.TryParse(Console.ReadLine(), out uint length))
{
Console.WriteLine("Geçersiz uzunluk.");
return;
}

byte[] newValue = new byte[length];
byte[] hexValue = BitConverter.GetBytes(0x473751488);
Array.Copy(hexValue, newValue, Math.Min(hexValue.Length, length));

IntPtr processHandle = OpenProcess(PROCESS_ALL_ACCESS, false, processId);
if (processHandle == IntPtr.Zero)
{
Console.WriteLine($"Süreç açılamadı. Hata kodu: {Marshal.GetLastWin32Error()}");
return;
}

try
{
if (WriteProcessMemory(processHandle, addressPtr, newValue, length, out int bytesWritten))
{
Console.WriteLine($"Başarıyla {bytesWritten} byte yazıldı.");
}
else
{
Console.WriteLine($"Bellek yazma hatası. Hata kodu: {Marshal.GetLastWin32Error()}");
}
}
finally
{
CloseHandle(processHandle);
}
}
}
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

class Program
{
// PInvoke declarations for Win32 API functions
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint dwSize, out int lpNumberOfBytesWritten);

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool CloseHandle(IntPtr hObject);

const uint PROCESS_ALL_ACCESS = 0x1F0FFF;

static void Main(string[] args)
{
Console.WriteLine("Process ID girin:");
if (!int.TryParse(Console.ReadLine(), out int processId))
{
Console.WriteLine("Geçersiz Process ID.");
return;
}

Console.WriteLine("Adres (hex formatında, örneğin 0x12345678):");
string addressInput = Console.ReadLine();
if (!addressInput.StartsWith("0x", StringComparison.OrdinalIgnoreCase) ||
!long.TryParse(addressInput.Substring(2), System.Globalization.NumberStyles.HexNumber, null, out long address))
{
Console.WriteLine("Geçersiz adres formatı.");
return;
}

IntPtr addressPtr = new IntPtr(address);

Console.WriteLine("Uzunluk:");
if (!uint.TryParse(Console.ReadLine(), out uint length))
{
Console.WriteLine("Geçersiz uzunluk.");
return;
}

byte[] newValue = new byte[length];
byte[] hexValue = BitConverter.GetBytes(0x473751488);
Array.Copy(hexValue, newValue, Math.Min(hexValue.Length, length));

IntPtr processHandle = OpenProcess(PROCESS_ALL_ACCESS, false, processId);
if (processHandle == IntPtr.Zero)
{
Console.WriteLine($"Süreç açılamadı. Hata kodu: {Marshal.GetLastWin32Error()}");
return;
}

try
{
if (WriteProcessMemory(processHandle, addressPtr, newValue, length, out int bytesWritten))
{
Console.WriteLine($"Başarıyla {bytesWritten} byte yazıldı.");
}
else
{
Console.WriteLine($"Bellek yazma hatası. Hata kodu: {Marshal.GetLastWin32Error()}");
}
}
finally
{
CloseHandle(processHandle);
}
}
}
Hello, the current function of this code is this way, I enter the PROCESS ID, then I enter the address and length of the string I want to delete in the process hacker and it is deleted. but what I want to do is this, I want it to automatically find the address and length of all the strings in explorer.exe that contain ‘istanbul.exe’ and delete them automatically, how can I do it?
27 Replies
jcotton42
jcotton425mo ago
um why? @peep
peep
peepOP5mo ago
No description
peep
peepOP5mo ago
this is my explorer.exe process id this changes every time I restart the computer
jcotton42
jcotton425mo ago
I want it to automatically find the address and length of all the strings in explorer.exe that contain ‘istanbul.exe’ and delete them automatically, how can I do it?
I'm asking why you want to do this.
peep
peepOP5mo ago
because the processhacker application shows all the data on my computer and the cheat controllers of some games connect to my computer and provide access to this application, there are things that I do not want to be seen.
jcotton42
jcotton425mo ago
So, defeating anticheats?
peep
peepOP5mo ago
yes
Buddy
Buddy5mo ago
That makes no sense Process Hacker is a more advanced task manager, it isnt a cheat.
peep
peepOP5mo ago
already not a cheat but anticheats are checking from processhacker
jcotton42
jcotton425mo ago
In any case, an app writing to random processes looks very cheat-y.
peep
peepOP5mo ago
there are files with .exe extension that I do not know here, I want to delete them
Buddy
Buddy5mo ago
Why?
peep
peepOP5mo ago
because anticheats are checking from processhacker
Buddy
Buddy5mo ago
It sounds super malicious to remove items seen from a 3rd party task manager
peep
peepOP5mo ago
What kind of malicious intent could there be?
Buddy
Buddy5mo ago
I'm sorry, I don't understand this sentence. Thats literally what is supposed to happen
peep
peepOP5mo ago
Will you help me?
Buddy
Buddy5mo ago
I'm not even sure what the purpose is.
peep
peepOP5mo ago
I mean, I don't understand how I can make a bad use of it? I just want to delete the string from the process hacker
jcotton42
jcotton425mo ago
trying to hide a process is always fishy
peep
peepOP5mo ago
ok thanks
Buddy
Buddy5mo ago
Hooking yourself into explorer.exe then wanting to remove said process name from Strings listed by process hacker sounds like a malware
peep
peepOP5mo ago
I can already remove it now, the only question I have is will I be able to remove all istanbul.exe containing results in one go
jcotton42
jcotton425mo ago
what even is istanbul.exe?
Buddy
Buddy5mo ago
Note that anyone can just dump the process and find out the names .. You aren't doing anything
Scratch
Scratch5mo ago
!ban @peep developing cheats
jcotton42
jcotton425mo ago
aww, i was wanting to see their response oh well
Want results from more Discord servers?
Add your server