Q3

Hiding a process from the task manager


Hi there! I'm looking for ways to hide a process from the "task manager" (for security purposes only) C#/C++. I found this API function "RegisterServiceProcess" that is supposed to do the deed but I get this error saying that the entry point could not be found in kernel32.dll where it is supposed to be... please help :)

Here are some answers:

1. You can't - don't do it.
2. You CAN but only by creating a "rootkit", which is evil. Don't do it.
3. You can do it but you might get the same flak as Sony did on their DRM'd CDs.

RegisterServiceProcess I think is for win9x, to stop the process being shut down when the user logs off. It's pretty much irrelevant because nobody uses win9x any more, and win9x usually crashes anyway before the user has a chance to log off.

You cannot hide a process easily, and indeed, under normal circumstances you should not.

It will not enhance security at all, just annoy people.

Mark

Quote:
Original post by markr
You CAN but only by creating a "rootkit"
Wrong. There are several ways to do it. But all of them are too complex if you didn't know of them yet :P

You could:
- periodically check for a taskmngr.exe process and, if you find one, manipulate the list view so it doesn't show the entry you want to hide.
- Write a replacement for the taskmngr.exe which looks and acts exactly the same but hides your process (which I would call a "rootkit")
- You could write a WDM driver to get ring 0 access (therefore access to the kernel) and use one of the many techniques to hook up the APIs which are used by the task manager to fetch the process list.

And I'm sure there are more ways to do it which I just don't know of.. :P

It's called DLL injection. You call a remote thread that injects a thread into a currently running process (most commonly explorer.exe). It isn't as hard as you all seem to think, if you have a good understanding of programming. Enjoy.

Quote:
Original post by cherryhouse
It's called DLL injection. You call a remote thread that injects a thread into a currently running process (most commonly explorer.exe). It isn't as hard as you all seem to think, if you have a good understanding of programming. Enjoy.


Yes, but DLL injection may alert the installed antivirus. :)
And I doubt it can be done with a window application or a console (I guess that's what Q3 wants since he uses C#), You can't put this into a DLL, can you? [smile]

Guest Anonymous Poster
Quote:
Original post by white skies
Quote:
Original post by cherryhouse
It's called DLL injection. You call a remote thread that injects a thread into a currently running process (most commonly explorer.exe). It isn't as hard as you all seem to think, if you have a good understanding of programming. Enjoy.


Yes, but DLL injection may alert the installed antivirus. :)
And I doubt it can be done with a window application or a console (I guess that's what Q3 wants since he uses C#), You can't put this into a DLL, can you? [smile]


You inject a DLL that hooks the enumeration API, and if it finds your parent process, it just returns the next process, instead of yours...

Quote:
Original post by Anonymous Poster
Quote:
Original post by white skies
Quote:
Original post by cherryhouse
It's called DLL injection. You call a remote thread that injects a thread into a currently running process (most commonly explorer.exe). It isn't as hard as you all seem to think, if you have a good understanding of programming. Enjoy.


Yes, but DLL injection may alert the installed antivirus. :)
And I doubt it can be done with a window application or a console (I guess that's what Q3 wants since he uses C#), You can't put this into a DLL, can you? [smile]


You inject a DLL that hooks the enumeration API, and if it finds your parent process, it just returns the next process, instead of yours...



Can you elaborate on that please? :)

There's no point getting into DLL injection since you are probably new to programming. You'll have no idea what you're getting into. In fact, this whole subject would be out of your league, if you are new to programming.

Quote:
Original post by cherryhouse
There's no point getting into DLL injection since you are probably new to programming. You'll have no idea what you're getting into. In fact, this whole subject would be out of your league, if you are new to programming.


I think I can handle it.
All you need is love.
All I need is good tutorials :)
