{"id":18482203,"url":"https://github.com/jasonyang170/winprocesshide","last_synced_at":"2026-01-24T19:07:45.327Z","repository":{"id":225286014,"uuid":"765546628","full_name":"JasonYANG170/WinProcessHide","owner":"JasonYANG170","description":"win10，win11，windows应用隐藏，进程隐藏，外挂隐藏，躲避检测，免注入，无需dll。适用于游戏黑客，机密保护","archived":false,"fork":false,"pushed_at":"2024-05-09T02:27:16.000Z","size":36,"stargazers_count":158,"open_issues_count":4,"forks_count":21,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-19T16:47:37.522Z","etag":null,"topics":["game","game-hack","game-hack-menu","game-hacker","game-tool","hide","process-hacker","process-hide","process-manager","windows"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JasonYANG170.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-01T06:10:47.000Z","updated_at":"2025-04-07T15:43:03.000Z","dependencies_parsed_at":"2024-03-01T08:27:42.231Z","dependency_job_id":"203b6b66-a418-4c99-820c-435986734ebd","html_url":"https://github.com/JasonYANG170/WinProcessHide","commit_stats":null,"previous_names":["jasonyang170/winprocesshide"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/JasonYANG170/WinProcessHide","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JasonYANG170%2FWinProcessHide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JasonYANG170%2FWinProcessHide/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JasonYANG170%2FWinProcessHide/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JasonYANG170%2FWinProcessHide/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JasonYANG170","download_url":"https://codeload.github.com/JasonYANG170/WinProcessHide/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JasonYANG170%2FWinProcessHide/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28734853,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T17:51:25.893Z","status":"ssl_error","status_checked_at":"2026-01-24T17:50:48.377Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["game","game-hack","game-hack-menu","game-hacker","game-tool","hide","process-hacker","process-hide","process-manager","windows"],"created_at":"2024-11-06T12:27:22.678Z","updated_at":"2026-01-24T19:07:45.306Z","avatar_url":"https://github.com/JasonYANG170.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n    \u003ch1\u003eWinProcessHide 应用进程隐藏\u003c/h1\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/JasonYANG170/WinProcessHide?label=License\u0026style=for-the-badge\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/commit-activity/w/JasonYANG170/WinProcessHide?style=for-the-badge\"\u003e\n\t\u003cimg src=\"https://img.shields.io/github/languages/count/JasonYANG170/WinProcessHide?logo=windows\u0026style=for-the-badge\"\u003e\n\t\u003cbr\u003e\n    \t\u003ca href=\"https://discord.com/invite/az3ceRmgVe\"\u003e\u003cimg alt=\"Discord\" src=\"https://img.shields.io/discord/978108215499816980?style=social\u0026logo=discord\u0026label=echosec\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\n这是一项基于Windows内核的应用进程隐藏，以至于包括系统软件在内的任何软件都无法检测到该应用，无需注入器，无需dll即可不被检测，适用于游戏黑客、电脑程序、外挂隐藏\n  \n\u003cbr\u003e\n\n\u003c/div\u003e\n\n## 适用于\nWINDOWS 7  \nWINDOWS 8  \nWINDOWS 10  \nWINDOWS 11  \n\n## 原理\n该隐藏思路是通过开启电脑内核调试功能，使用WinDbg从系统内核修改应用唯一的EPROCESS结构，从EPROCESS修改pid实现系统内核内隐藏应用进程，使得任何进程检测应用均无法检测。\n\n## 使用教程\n### 📌下载及开启调试模式\n1.在微软应用商店下载WinDbg  \n\n2.以**管理员权限**启动CMD或powershell，输入以下命令  \n\n    - bcdedit -debug on\n    - shutdown /r /t 0\n\n此时电脑会开启内核调试模式并重启 \n### 🔍查找16进制进程编号\n3.以**管理员权限**启动WinDbg，按下**ctrl+k**选择**Local**继续  \n\n4.顶部导航栏**View**选择**Command**，等待符号安装后即可进入内核调试命令行  \n\n5.命令行输入!process 0 0 XXX.exe查找进程（XXX是你要隐藏的应用进程名，你可以在任务管理器查看）  \n\n    - kd\u003e !process 0 0  XXX.exe\n    - PROCESS 8241d490  SessionId: none  Cid: 0178    Peb: 7ffdf000  ParentCid: 0004\n    - DirBase: 02b40040  ObjectTable: e148a4a0  HandleCount:  19.\n    - Image: XXX.exe\n\n6.记下 **- PROCESS 8241d490** ，然后输入  \n\n    - dt _eprocess 8241d490\n\n此时你就可以看到XXX.exe应用的唯一的EPROCESS结构  \n\n    - 0: kd\u003e dt _eprocess\n      nt!_EPROCESS\n     +0x000 Pcb              : _KPROCESS\n     +0x438 ProcessLock      : _EX_PUSH_LOCK\n     +0x440 UniqueProcessId  : Ptr64 Void\n     +0x448 ActiveProcessLinks : _LIST_ENTRY\n     +0x458 RundownProtect   : _EX_RUNDOWN_REF\n     ......\n     \n我们只用看 **+0x440 UniqueProcessId  : Ptr64 Void** 其中 **Void**前面的数字就是XXX.exe的16进制Pid号  \n### 🕶️伪装\n7.在任务管理器找一个**你想伪装的**应用，**右键**选择**转到详细信息**，记下该应用的Pid号，将该pid号从当前的10进制**转成16进制**，如abcd\n   \n8.输入 **ed 8241d490+0x440 abcd** 其中abcd是你想伪装的应用16进制Pid号，回车即可\n### 🎖️验证\n9.重复第6步查看是否修改成功，打开任务管理器检查，此时应用已经被隐藏，在任何检测软件中都是不可见的\n\n## 喜欢这个项目，请为我点个Star ⭐ \n\n[![Star History Chart](https://api.star-history.com/svg?repos=JasonYANG170/WinProcessHide\u0026type=Date)](https://star-history.com/#star-history/star-history\u0026Date)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjasonyang170%2Fwinprocesshide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjasonyang170%2Fwinprocesshide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjasonyang170%2Fwinprocesshide/lists"}