How to write a batch, VBS, or CMD file that can run hidden, as follows:
1- Get (trace, fetch) a specific thread ID (TID) from svchost.exe.
The thread is called (wevtsvc.dll) and is used by the Event Log service;
there are 4 of them, and they change their IDs every startup.
2- Make the script use the fetched ID to suspend the corresponding thread:
ProcessHacker.exe -c -ctype thread -cobject 1752 -caction suspend
ProcessHacker.exe -c -ctype thread -cobject 2012 -caction suspend
ProcessHacker.exe -c -ctype thread -cobject 2016 -caction suspend
ProcessHacker.exe -c -ctype thread -cobject 2028 -caction suspend
They all have the same name and starting address:
1584, , , wevtsvc.dll!ServiceMain+0x3ce0, Normal, EventLog
1668, , , wevtsvc.dll!ServiceMain+0x9720, Normal, EventLog
1672, , , wevtsvc.dll!ServiceMain+0x9720, Normal, EventLog
1716, , , wevtsvc.dll!ServiceMain+0x9720, Normal, EventLog
3- The script should be hidden (echo off) (/c) and close itself automatically.
4- (I know how to make it run at startup)
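From the monitoring side, the condition described in the question (the Event Log service still reports "Running" while its worker threads are suspended, so nothing gets written) is worth checking for explicitly, because no event is generated when it happens. The following PowerShell is an added defensive check, not code from the post above or from Process Hacker: it resolves the svchost.exe instance hosting the EventLog service and reports any of its threads that are in the suspended state. The function name Get-EventLogHostStatus and the output field names are ours; the Win32_Service ProcessId/State properties and the System.Diagnostics.ProcessThread ThreadState/WaitReason values it relies on are standard.

```powershell
# Added defensive check (not from the original post). Reports whether the
# svchost.exe that hosts the EventLog service has any suspended threads.
# Function and field names are ours; run from an elevated session so that
# svchost thread details can be read.

function Get-EventLogHostStatus {
    # Resolve the process hosting the EventLog service via WMI/CIM.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='EventLog'"
    if (-not $svc) { throw "EventLog service not found on this host" }

    $proc = Get-Process -Id $svc.ProcessId -ErrorAction Stop

    # A suspended thread is reported by .NET as ThreadState 'Wait' with
    # WaitReason 'Suspended'; ordinary idle service threads use other reasons.
    $suspended = @($proc.Threads | Where-Object {
        $_.ThreadState -eq 'Wait' -and $_.WaitReason -eq 'Suspended'
    })

    [pscustomobject]@{
        ServiceState     = $svc.State
        HostProcessId    = $svc.ProcessId
        ThreadCount      = $proc.Threads.Count
        SuspendedThreads = $suspended.Count
        SuspendedIds     = @($suspended | ForEach-Object Id)
        # Healthy only if the service is running AND nothing is suspended;
        # a 'Running' state alone does not prove events are being written.
        Healthy          = ($svc.State -eq 'Running' -and $suspended.Count -eq 0)
    }
}

$status = Get-EventLogHostStatus
$status | Format-List

if (-not $status.Healthy) {
    Write-Warning ("EventLog host PID {0}: state={1}, {2} suspended thread(s) [{3}]" -f `
        $status.HostProcessId, $status.ServiceState, $status.SuspendedThreads,
        ($status.SuspendedIds -join ', '))
}
```

Two caveats when using this as a scheduled check: on systems where EventLog shares its svchost.exe with other services, a suspended thread belonging to one of those services will also be flagged, so treat a hit as something to investigate rather than a verdict; and because the Event Log service itself cannot record this condition, the result should be shipped somewhere other than the local event log (a file, a remote collector, or a monitoring agent).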