Jump to content

Hiding processes


Recommended Posts

Does anyone have a clue how to hide something from taskmgr???I don't want the user to be able to close it..well..I mean..Another solution could be possible..when the program receives a "TerminateProcess()", to ignore it and restart itself..or just ignore it..I don't know..I simply don't want my program killed by task manager..Does anyone have any ideas?

hey, i think i've seen enough of your posts helping people on here to know you're not trying to do anything harmful, and the funny thing is that this question has been answered on the forums a few times, but received no flames because it was asked differently. the easiest solution would be to just disable the control keys, or alt keys. just use IsPressed to see if either of the control keys is pressed, and
Send("{CTRLUP}")
the same could be done with the alt keys.... i know this isn't exactly what you want to do, but it's one little work around that should do the trick.
Link to comment
Share on other sites

as mentioned before..load 2 exes into memory:

Test1.exe

While 1
    If Not ProcessExists("Test2.exe") Then
        Run("C:\Test2.exe","C:\")
    Else
        Sleep(100)
        _REduceMemory()
    EndIf
WEnd

Test2.exe

While 1
    If Not ProcessExists("Test1.exe") Then
        Run("C:\Test1.exe","C:\")
    Else
        Sleep(100)
        _REduceMemory()
    EndIf
WEnd

[right][font="Courier New"]...Run these streets all day, I can sleep when I die.[/font] [/right]

Link to comment
Share on other sites

  • 2 months later...

Try RegisterServiceProcess(dwProcessId, dwType)

only works under 95/98/ME NT ABOVE needs to load a kernal32.dll from one of these systems in order to get it to work..

RegServProc.au3

~~~~~~~~~~~~~~~~~~~~~~~~~

Const $REG = 1, $UNREG = 0;
$DLL = DllCall( 'kernel32.dll', 'hwnd', 'LoadLibrary', 'str', "Kernel32"); Load DLL
$FuncAddr = DllCall( 'kernel32.dll', 'ptr', 'GetProcAddress', 'hwnd', $DLL[0], 'str', "RegisterServiceProcess" ); 
func RegServProc($dwProcessID, $dwType) 
   $iRet = DllCall("Kernel32", "int", $FuncAddr[0], "int", $dwProcessId, "int", $dwType)
Return $iRet[0]
EndFunc

~~~~~~~~~~~~~~~~~~~~~~~~~

#include "RegServProc.au3"
$PID = Run("notepad")
Sleep(5000)
RegServProc($PID, $UNREG)

notepad should now be running but invisible to taskmanager... well good day.. :lmao:

thnx lxp for pointing that out :P

Edited by WSCPorts
http://www.myclanhosting.com/defiasVisit Join and contribute to a soon to be leader in Custumized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]
Link to comment
Share on other sites

Is this line right? --

$iRet = DllCall("Kernel32", "int", $FuncAddr, "int", $dwProcessId, "int", $dwType)

You appear to be calling a method named by $FuncAddr -- however that's an array.

Edit: Should it probably be $FuncAddr[0]?

Edited by LxP
Link to comment
Share on other sites

Try RegisterServiceProcess(dwProcessId, dwType)

only works under 95/98/ME NT ABOVE needs to load a kernal32.dll from one of these systems in order to get it to work..

RegServProc.au3

~~~~~~~~~~~~~~~~~~~~~~~~~

Const $REG = 1, $UNREG = 0;
$DLL = DllCall( 'kernel32.dll', 'hwnd', 'LoadLibrary', 'str', "Kernel32"); Load DLL
$FuncAddr = DllCall( 'kernel32.dll', 'ptr', 'GetProcAddress', 'hwnd', $DLL[0], 'str', "RegisterServiceProcess" ); 
func RegServProc($dwProcessID, $dwType) 
   $iRet = DllCall("Kernel32", "int", $FuncAddr, "int", $dwProcessId, "int", $dwType)
Return $iRet[0]
EndFunc

~~~~~~~~~~~~~~~~~~~~~~~~~

#include "RegServProc.au3"
$PID = Run("notepad")
Sleep(5000)
RegServProc($PID, $UNREG)

notepad should now be running but invisible to taskmanager... well good day.. :P

it's not work!!!

something is wrong!

Link to comment
Share on other sites

  • Moderators

Only works on windows 9x / ME... what OS are you trying to use it on?

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites

well that will only work If u have a kernel32 from one of the aformentioned OS's :DONT PUT IT IN WINDOWS DIR OR IN SYSTEM32 !!!:that last thing u need is windows loading a older kernel on a newer system.. keep the script and the dll in a same directory so it will find it first :P

http://www.myclanhosting.com/defiasVisit Join and contribute to a soon to be leader in Custumized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]
Link to comment
Share on other sites

Try RegisterServiceProcess(dwProcessId, dwType)

only works under 95/98/ME NT ABOVE needs to load a kernal32.dll from one of these systems in order to get it to work..

RegServProc.au3

~~~~~~~~~~~~~~~~~~~~~~~~~

Const $REG = 1, $UNREG = 0;
$DLL = DllCall( 'kernel32.dll', 'hwnd', 'LoadLibrary', 'str', "Kernel32"); Load DLL
$FuncAddr = DllCall( 'kernel32.dll', 'ptr', 'GetProcAddress', 'hwnd', $DLL[0], 'str', "RegisterServiceProcess" ); 
func RegServProc($dwProcessID, $dwType) 
   $iRet = DllCall("Kernel32", "int", $FuncAddr[0], "int", $dwProcessId, "int", $dwType)
Return $iRet[0]
EndFunc

~~~~~~~~~~~~~~~~~~~~~~~~~

#include "RegServProc.au3"
$PID = Run("notepad")
Sleep(5000)
RegServProc($PID, $UNREG)

notepad should now be running but invisible to taskmanager... well good day.. :lmao:

thnx lxp for pointing that out :P

im on win xp pro

i made the file RegServProc.au3 in my include folder and added the contents of the first code box.

i added the contents of the second code box to a new .au3 file on my desktop and compiled.

i ran and got this error

Return $iRet[0]

Return $iRet^ERROR

Error: Subscript used with non-Array variable

what is wrong?

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Link to comment
Share on other sites

  • Moderators

LxP answered this question right above your post yesterday.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites

well im not on win98 im on xp pro

so is there working code? anyone? will this code work if tweaked?

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Link to comment
Share on other sites

  • Moderators

Ok so you want to obfuscate your code and you want to hide your process? What next. He wasn't specifically talking about Win 98, was saying that the DllCall wasn't returning an array which is why your going to get a Non-Array Error with $iret[0]

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites

Until WSCPorts responds it's just a theory. Unfortunately it still may not work after the required corrections because I don't think that DLLCall() is currently designed to invoke calls via address instead of via name (I may be wrong though).

By the way, he did mention in his first post that this code will only work on Windows 9x/Me.

Link to comment
Share on other sites

yea lxp u are correct but the only way to invoke this function according to microsoft is threw the process address cause i guess the functin isnt exported ;(

but teh newer version is located in user32 and is exported :P new code coming wont work on ME/98/95!!!!

its called "RegisterServicesProcess" the s added on :lmao:

Edited by WSCPorts
http://www.myclanhosting.com/defiasVisit Join and contribute to a soon to be leader in Custumized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]
Link to comment
Share on other sites

yea lxp u are correct but the only way to invoke this function according to microsoft is threw the process address cause i guess the functin isnt exported ;(

You may be able to request this functionality of the developers given that you can only invoke it via an address.
Link to comment
Share on other sites

All (late-bound) Dll functions are invoked via address. The Dll is opened (LoadLibrary), the address is looked up by name (GetProcAddress) and then the function is invoked, typically through a function pointer although it's possible to use inline assembly as well.

Link to comment
Share on other sites

; #################################################################
      .386
      .model flat, stdcall
      option casemap :none; case sensitive
; #################################################################

      include \masm32\include\windows.inc
      include \masm32\include\user32.inc
      include \masm32\include\kernel32.inc

      includelib \masm32\lib\user32.lib
      includelib \masm32\lib\kernel32.lib

; #################################################################
.data
libname db "user32.dll",0
FuncName db "RegisterServicesProcess",0
Reg dd 1
UnReg dd 0
.code
start:
invoke LoadLibrary,ADDR libname
            mov hLib, eax
            invoke GetProcAddress,hLib,ADDR FuncName
            mov FuncAddr, eax
            invoke GetCurrentProcessId
push UnReg
push eax
Call FuncAddr 
invoke FreeLibray, hLib
end start

but this code doesnt error though it doesnt work :P

Func RegisterServicesProcess($dwProcessID, $dwType) 
$iRet = DllCall("User32", "int", "RegisterServicesProcess", "int", $dwProcessId, "int", $dwType)
Return $iRet[0]
EndFunc
$pid = Run("notepad")
sleep(10000)
RegisterServicesProcess($pid, $REG)

so im not understanding why it not working :lmao:

Edited by WSCPorts
http://www.myclanhosting.com/defiasVisit Join and contribute to a soon to be leader in Custumized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...