6

How can a process be hidden inside another one?

Is the process moved into another process and turned into a thread with its own run loop?

How exactly does a process get moved? I see this Metasploit command, migrate PID, which seems to do this.

I would like to know how this works internally: does it use IPC, or is the memory of the process being moved into a target process with PID? How is this done, and how does the process being migrated continue to run?

some_id
    Process migration in Metasploit has been explained here: https://security.stackexchange.com/questions/90578/how-does-process-migration-work-in-meterpreter – Arminius Oct 08 '16 at 04:14

1 Answer

1

Is the process moved into another process and turned into a thread with its own run loop?

Essentially yes.

Nick Mckenna