timwhitez starred HideProcessHook
2022-9-13 11:53:36 Author: github.com

Written by me sometime in 2019, HideProcessHook is a DLL that hooks the NtQuerySystemInformation API and hides a process name. explorer.exe is used as the example.

Good for learning about basic byte-patch hooking on 32-bit and 64-bit systems.

HideProcessHook

The actual DLL that is used to perform the hook. Upon loading the DLL, NtQuerySystemInformation will be hooked, hiding explorer.exe from the linked list of processes it returns.

HideProcessHookTester

Loads HideProcessHook.dll, calls NtQuerySystemInformation and then prints out the results. If all is well, explorer.exe will not be in the output.

HideProcessHookInjector

Injects HideProcessHook.dll into a PID specified by user input, hiding explorer.exe. Keep in mind that HideProcessHook.dll must be in the same directory as the injector executable!

Should work on all Windows versions, both 32-bit and 64-bit.
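
For defenders, a byte-patch hook of the kind described above shows up as a difference between the live first bytes of NtQuerySystemInformation and the same bytes in ntdll.dll on disk. The following is an added example, not code from the HideProcessHook project: it classifies that difference and resolves where the redirect lands. The three redirect encodings it recognises, the sample bytes and the addresses are assumptions constructed for illustration, since the page does not show which patch the project writes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum hook_kind { HOOK_NONE, HOOK_JMP_REL32, HOOK_PUSH_RET, HOOK_MOV_JMP_RAX, HOOK_UNKNOWN };

/* Little-endian read of n bytes (n <= 8). */
static uint64_t rd_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Compare the live prologue with the on-disk bytes; name the redirect shape if they differ. */
enum hook_kind classify_prologue(const uint8_t *mem, const uint8_t *disk, size_t n)
{
    if (memcmp(mem, disk, n) == 0) return HOOK_NONE;
    if (n >= 5 && mem[0] == 0xE9) return HOOK_JMP_REL32;                  /* jmp rel32 */
    if (n >= 6 && mem[0] == 0x68 && mem[5] == 0xC3) return HOOK_PUSH_RET; /* push imm32; ret */
    if (n >= 12 && mem[0] == 0x48 && mem[1] == 0xB8 &&
        mem[10] == 0xFF && mem[11] == 0xE0) return HOOK_MOV_JMP_RAX;      /* mov rax, imm64; jmp rax */
    return HOOK_UNKNOWN;                   /* patched, but shape not recognised */
}

/* Address the patched prologue transfers to; va is the function's own address. */
uint64_t hook_target(enum hook_kind k, uint64_t va, const uint8_t *mem)
{
    switch (k) {
    case HOOK_JMP_REL32:   return va + 5 + (int64_t)(int32_t)(uint32_t)rd_le(mem + 1, 4);
    case HOOK_PUSH_RET:    return rd_le(mem + 1, 4);
    case HOOK_MOV_JMP_RAX: return rd_le(mem + 2, 8);
    default:               return 0;
    }
}

/* A redirect that leaves the owning module's image range is the anomaly to report. */
int leaves_module(uint64_t t, uint64_t base, uint64_t size) { return t < base || t - base >= size; }

/* Constructed sample bytes, not captured from a real system. */
const uint8_t SAMPLE_DISK[12] = {0x4C,0x8B,0xD1,0xB8,0x36,0,0,0,0xF6,0x04,0x25,0x08};
const uint8_t SAMPLE_MOV[12]  = {0x48,0xB8,0x00,0x10,0x00,0x80,0x01,0,0,0,0xFF,0xE0};
const uint8_t SAMPLE_JMP[12]  = {0xE9,0xFB,0x0F,0x00,0x00,0,0,0,0xF6,0x04,0x25,0x08};

int main(void)
{
    enum hook_kind k = classify_prologue(SAMPLE_MOV, SAMPLE_DISK, sizeof SAMPLE_DISK);
    uint64_t t = hook_target(k, 0x7FF800001000ULL, SAMPLE_MOV);  /* constructed address */
    printf("kind=%d target=0x%llx leaves_module=%d\n", (int)k, (unsigned long long)t,
           leaves_module(t, 0x7FF800000000ULL, 0x200000));       /* constructed image range */
    return 0;
}
```

On a real system the two input buffers would come from the process's loaded ntdll.dll and from the file on disk; a prologue that differs and transfers outside the module's image range is the finding worth investigating.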

Manually injecting the DLL into Task Manager using Process Hacker:


Article source: https://github.com/ryan-weil/HideProcessHook