How does ProcessHider hide processes from monitoring tools like Task Manager?
ProcessHider achieves process hiding by injecting a payload DLL into target processes, which hooks the Windows API NtQuerySystemInformation(). This API is used by tools like Task Manager and Process Explorer to enumerate processes; the hook filters out specified processes from the returned list, making them invisible. For full technical details, see the ProcessHider Utilization Analysis.
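Because the hook only filters the list inside processes that carry the injected DLL, a cross-view comparison can expose it: diff the process list the monitoring tool received against a list from a view the hook does not reach. The Python below is an added example, not code from ProcessHider or the linked analysis; the x64 `SYSTEM_PROCESS_INFORMATION` offsets, the helper names, the source of the trusted PID set (for instance an un-injected process or kernel-side telemetry) and all sample data are assumptions constructed for illustration.

```python
import struct

# x64 SYSTEM_PROCESS_INFORMATION fields read by this example (assumed layout).
OFF_NEXT = 0x00    # ULONG NextEntryOffset; 0 marks the last record
OFF_PID = 0x50     # HANDLE UniqueProcessId
MIN_RECORD = 0x58  # smallest span that still contains the PID field

def walk_pids(buf):
    """Follow the NextEntryOffset chain and return every PID it reaches."""
    pids, pos = set(), 0
    while True:
        if pos + MIN_RECORD > len(buf):
            raise ValueError(f"record at {pos:#x} runs past the buffer")
        (nxt,) = struct.unpack_from("<I", buf, pos + OFF_NEXT)
        (pid,) = struct.unpack_from("<Q", buf, pos + OFF_PID)
        pids.add(pid)
        if nxt == 0:
            return pids
        if nxt < MIN_RECORD:
            raise ValueError(f"record at {pos:#x} overlaps its successor")
        pos += nxt

def hidden_pids(before, trusted, after):
    """PIDs in the trusted view that both bracketing enumerations lack."""
    # Requiring absence from the enumeration taken before AND the one taken
    # after the trusted snapshot drops most process start/exit races.
    return set(trusted) - walk_pids(before) - walk_pids(after)

def make_buffer(pids, record_size=0x100):
    """Constructed sample: fixed-size records holding only the two fields above."""
    buf = bytearray(record_size * len(pids))
    for i, pid in enumerate(pids):
        nxt = 0 if i == len(pids) - 1 else record_size
        struct.pack_into("<I", buf, i * record_size + OFF_NEXT, nxt)
        struct.pack_into("<Q", buf, i * record_size + OFF_PID, pid)
    return bytes(buf)

# Constructed data: two enumerations as seen by the monitoring tool, and the
# PID set from a view assumed to be outside the hook's reach.
BEFORE = make_buffer([0, 4, 612, 4100])
AFTER = make_buffer([0, 4, 612, 4100, 5200])
TRUSTED = {0, 4, 612, 3388, 4100}

if __name__ == "__main__":
    print(sorted(hidden_pids(BEFORE, TRUSTED, AFTER)))
```

A PID flagged here is a lead to investigate rather than proof, since a process that starts and exits between the two enumerations produces the same result.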
Tags: ProcessHider, NtQuerySystemInformation, API hooking, process hiding