inline bool HideThread(HANDLE hThread){ typedef NTSTATUS (NTAPI *pNtSetIn

1. inline bool HideThread(HANDLE hThread)
2. {
3. typedef NTSTATUS (NTAPI *pNtSetInformationThread)
4. (HANDLE, UINT, PVOID, ULONG);
5. NTSTATUS Status;
6.  
7. // Get NtSetInformationThread
8. pNtSetInformationThread NtSIT = (pNtSetInformationThread)
9. GetProcAddress(GetModuleHandle( TEXT("ntdll.dll") ),
10. "NtSetInformationThread");
11.  
12. // Shouldn't fail
13. if (NtSIT == NULL)
14. return false;
15.  
16. // Set the thread info
17. if (hThread == NULL)
18. Status = NtSIT(GetCurrentThread(),
19. 0x11, // HideThreadFromDebugger
20. 0, 0);
21. else
22. Status = NtSIT(hThread, 0x11, 0, 0);
23.  
24. if (Status != 0x00000000)
25. return false;
26. else
27. return true;
28. }
29.  
30. void WINAPI MainThread( ){
31. _Main() ;
32. }
33.  
34. BOOL WINAPI DllMain ( HMODULE hModule, DWORD dwReason, LPVOID lpvReserved ){
35. switch ( dwReason ) {
36. case DLL_PROCESS_ATTACH: {
37. DisableThreadLibraryCalls(hModule);
38. HANDLE denegelthr = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&MainThread, NULL, 0, NULL);
39. HideThread(denegelthr);
40. HideThread(GetCurrentThread());
41.  
42. if ( denegelthr == NULL ) {
43. return true;
44. }
45. }
46.  
47. break;
48.  
49. case DLL_PROCESS_DETACH:
50. ::ExitProcess(0);
51. break;
52.  
53. case DLL_THREAD_ATTACH:
54. break;
55.  
56. case DLL_THREAD_DETACH:
57. ::ExitProcess(0);
58. break;
59. }
60. return TRUE;
61. }