Is this ability, that is exposed by the OS to any language that can dynamically load dlls, and is subject to all the usual fine grained permissions controls the OS offers (ie. You can only hide your own processes; or those you have the explicit rights to access.), really so different from the following which is available on many (most?) variants of *nix, and is documented in the perl docs?

$PROGRAM_NAME $0

Contains the name of the program being executed.

On some (read: not all) operating systems assigning to $0 modifies the argument area that the ps program sees. On some platforms you may have to use special ps options or a different ps to see the changes. Modifying the $0 is more useful as a way of indicating the current program state than it is for hiding the program you're running. (Mnemonic: same as sh and ksh.)

really so different from the following which is available on many (most?) variants of *nix, and is documented in the perl docs?

Yes it is, changing $0 doesn't hide the process from ps -- hiding a process is purely rootkit territory

Sigh, I will certainly not participate in an OS flame!

I just reported what I saw and asked if anyone more proficient with Win can have a look into it.

Thats it.

Cheers Rolf

I will certainly not participate in an OS flame!

If my asking a question and quoting the Perl POD constitutes "an OS flame" in your eyes, there's no more to be said.

---

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

> Read the description of what the module does.

As mentioned I already did!

But Mal-Packer seems to be another beast.

Cheers Rolf