aljaz/shadow-rs
1
1
Fork 0
mirror of https://github.com/joaoviictorti/shadow-rs.git synced 2025-12-23 02:04:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
05bff9341c84bb278d024cd4c2aca8081c536787
shadow-rs/docs/process.md
joaoviictorti 3bfec0ec0f docs: Adding thread module documentation
2024-09-23 10:32:08 -03:00

149 lines
3.4 KiB
Markdown
Raw Blame History

## Process
## Hide / Unhide Process
Description:
This command allows you to hide or reveal specific processes on the system.
```cmd
shadow.exe process [hide | unhide] --pid <pid>
```
* `hide`: Hide the specified process.
* `unhide`: Unhide the specified process.
* `pid`: The PID of the process you want to hide or reveal.
Example of use:
```cmd
shadow.exe process hide --pid 1234
```
This command will hide the process with PID 1234.
## Elevate Process to System
Description:
This command allows you to raise the process to system.
```cmd
shadow.exe process elevate --pid <pid>
```
* `elevate`: Elevate the process.
* `pid`: The PID of the process you want to escalate to system.
Example of use:
```cmd
shadow.exe process elevate --pid 1234
```
This command will elevate the process with PID 1234.
## Process Signature (PP / PPL)
Description:
This command allows you to protect / unprotect a process using Process Protection (PP) or Protected Process Light (PPL).
```cmd
shadow.exe process signature --pt <protection> --sg <signature> --pid <pid>
```
* `signature`: Signature the process.
* `pt`: The protection type.
* Possible values:
- `none`: No protection
- `protected-light`: Light protection
- `protected`: Full protection
* `sg`: The protection signer.
* Possible values:
- `none`: No signer
- `authenticode`: Authenticode signer
- `code-gen`: Code generation signer
- `antimalware`: Antimalware signer
- `lsa`: LSA signer
- `windows`: Windows signer
- `win-tcb`: WinTcb signer
- `win-system`: WinSystem signer
- `app`: Application signer
- `max`: Maximum value for signers
* `pid`: The PID of the process you want to modify PP / PPL.
Example of use:
```cmd
shadow.exe process signature --pid 1234 --pt protected --sg win-tcb
```
This command changes the protection of the process with PID 1234.
## Process Protection (Anti-Kill / Dumping)
Description:
This command allows you to add or remove process protection.
```cmd
shadow.exe process protection --pid <pid> [--add | --remove]
```
* `protection`: Protect the specified process.
* `-a / --add`: Add the process.
* `-r / --remove`: Remove the process.
* `pid`: The PID of the process you want to protect.
Example of use:
```cmd
shadow.exe process protection --pid 1234 --add
```
This command will protect the process with PID 1234.
## Terminate Process
Description:
This command allows you to terminate a process.
```cmd
shadow.exe process terminate --pid <pid>
```
* `terminate`: Terminate the specified process.
* `pid`: The PID of the process you want to terminate.
Example of use:
```cmd
shadow.exe process terminate --pid 1234
```
This command will terminate the process with PID 1234.
## Lists protected and hidden processes currently on the system
Description:
This command allows you to list the processes that are currently protected or hidden.
```cmd
shadow.exe process enumerate -l -t <value>
```
* `enumerate`: Terminate the specified process.
* `-l / --list`: List the protected or hidden process.
* `-t / --type`: Specify which type you want to list.
* Possible values:
- `hide`: List of hidden targets
- `protection`: List of protected targets
Example of use:
```cmd
shadow.exe process enumerate -l -t protection
```
This command will close and list the currently protected processes.
Reference in New Issue View Git Blame Copy Permalink