Hiding a process from the task manager

Started by
23 comments, last by Q3 18 years, 1 month ago
Hi there! I'm looking for ways to hide a process from the "task manager" (for security purposes only) C#/C++. I found this API function "RegisterServiceProcess" that is supposed to do the deed, but I get this error saying that the entry point could not be found in kernel32.dll, where it is supposed to be... please help :)
Here are some answers:

1. You can't - don't do it.
2. You CAN but only by creating a "rootkit", which is evil. Don't do it.
3. You can do it but you might get the same flak as Sony did on their DRM'd CDs.

RegisterServiceProcess I think is for win9x, to stop the process being shut down when the user logs off. It's pretty much irrelevant because nobody uses win9x any more, and win9x usually crashes anyway before the user has a chance to log off.

You cannot hide a process easily, and indeed, under normal circumstances you should not.

It will not enhance security at all, just annoy people.

Mark
Quote:Original post by markr
You CAN but only by creating a "rootkit"
Wrong. There are several ways to do it. But all of them are too complex if you didn't know of them yet :P

You could:
- periodically check for a taskmngr.exe process and, if you find one, manipulate the list view so it doesn't show the entry you want to hide.
- Write a replacement for the taskmngr.exe which looks and acts exactly the same but hides your process (which I would call a "rootkit")
- You could write a WDM driver to get ring 0 access (therefore access to the kernel) and use one of the many techniques to hook up the APIs which are used by the task manager to fetch the process list.

And I'm sure there are more ways to do it which I just don't know of.. :P
It's called DLL injection. You call a remote thread that injects a thread into a currently running process (most commonly explorer.exe). It isn't as hard as you all seem to think, if you have a good understanding of programming. Enjoy.
Hello?
Quote:Original post by cherryhouse
It's called DLL injection. You call a remote thread that injects a thread into a currently running process (most commonly explorer.exe). It isn't as hard as you all seem to think, if you have a good understanding of programming. Enjoy.


Yes, but DLL injection may alert the installed antivirus. :)
And I doubt it can be done with a window application or a console (I guess that's what Q3 wants since he uses C#). You can't put this into a DLL, can you? [smile]
The only thing more wrong than asking such a question is answering it.
Quit screwin' around! - Brock Samson
Quote:Original post by white skies
Quote:Original post by cherryhouse
It's called DLL injection. You call a remote thread that injects a thread into a currently running process (most commonly explorer.exe). It isn't as hard as you all seem to think, if you have a good understanding of programming. Enjoy.


Yes, but DLL injection may alert the installed antivirus. :)
And I doubt it can be done with a window application or a console (I guess that's what Q3 wants since he uses C#). You can't put this into a DLL, can you? [smile]


You inject a DLL that hooks the enumeration API, and if it finds your parent process, it just returns the next process, instead of yours...
Quote:Original post by Anonymous Poster
Quote:Original post by white skies
Quote:Original post by cherryhouse
It's called DLL injection. You call a remote thread that injects a thread into a currently running process (most commonly explorer.exe). It isn't as hard as you all seem to think, if you have a good understanding of programming. Enjoy.


Yes, but DLL injection may alert the installed antivirus. :)
And I doubt it can be done with a window application or a console (I guess that's what Q3 wants since he uses C#). You can't put this into a DLL, can you? [smile]


You inject a DLL that hooks the enumeration API, and if it finds your parent process, it just returns the next process, instead of yours...



Can you elaborate on that please? :)
There's no point getting into DLL injection since you are probably new to programming. You'll have no idea what you're getting into. In fact, this whole subject would be out of your league, if you are new to programming.
Hello?
Quote:Original post by cherryhouse
There's no point getting into DLL injection since you are probably new to programming. You'll have no idea what you're getting into. In fact, this whole subject would be out of your league, if you are new to programming.


I think I can handle it.
All you need is love.
All I need is good tutorials :)
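
Seen from the defender's side, the approaches mentioned in this thread (list-view tampering, a replaced task manager, a hooked enumeration API) all leave the process running while one listing omits it, so comparing independent views of the process table exposes the gap. The sketch below is an added example, not code from any poster in this thread; the view names and PIDs are constructed sample data, and how each view is collected on a real host is left as an assumption.

```python
from typing import Dict, List, Set

Snapshot = Dict[str, Set[int]]  # view name -> PIDs that view reported

def missing_from_view(snap: Snapshot, suspect: str) -> Dict[int, List[str]]:
    """Map each PID absent from the suspect view to the views that did see it."""
    seen_elsewhere: Dict[int, List[str]] = {}
    for view, pids in snap.items():
        if view == suspect:
            continue
        for pid in sorted(pids - snap[suspect]):
            seen_elsewhere.setdefault(pid, []).append(view)
    return seen_elsewhere

def persistent_hidden(rounds: List[Snapshot], suspect: str, min_views: int = 2) -> List[int]:
    """PIDs missing from `suspect` in every round, confirmed by >= min_views other views.

    Requiring every round filters out processes that merely started or exited
    while the views were being collected (a benign race, not hiding).
    """
    result = None
    for snap in rounds:
        gaps = {pid for pid, views in missing_from_view(snap, suspect).items()
                if len(views) >= min_views}
        result = gaps if result is None else result & gaps
    return sorted(result or [])

# Constructed sample data: hypothetical view names and made-up PIDs.
ROUND_1: Snapshot = {
    "enum_api":      {4, 612, 1180, 2044},              # the listing a user sees
    "pid_probe":     {4, 612, 1180, 2044, 3316, 3900},  # independent view A
    "thread_owners": {4, 612, 1180, 2044, 3316},        # independent view B
}
ROUND_2: Snapshot = {
    "enum_api":      {4, 612, 1180, 2044, 3900},        # 3900 was only a start-up race
    "pid_probe":     {4, 612, 1180, 2044, 3316, 3900},
    "thread_owners": {4, 612, 1180, 2044, 3316, 3900},
}

if __name__ == "__main__":
    print(persistent_hidden([ROUND_1, ROUND_2], "enum_api"))
```
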

This topic is closed to new replies.
