Sign in to follow this  
Followers 0
big_daddy

C++ script for hiding processes

4 posts in this topic

This is a C++ script I found that will delete the list views in task manager. I have seen several topics on hiding processes, and I know that it could be used for the wrong reasons. However if someone would like to try and convert it to AutoIT here it is.

Architecture

Here, we have to carry out just few tasks. The tasks are..

1. Find the Windows Task Manager when ever it is displayed.

2. Find the Applications and Processes tab controls.

3. Move on to the SysListView32 control and delete the strings displayed over there..

We can accomplish these tasks by using one timer and one callback function. Well, carrying out these tasks is very simple as a lot of people know.

How it works..

Timer functions:

The timer is started when the dialog in initialized. The timer just vigils the Windows Task Manager for its window status ON, I mean WM_SHOW. It is carried out by the API call:

HWND FindWindow( LPCTSTR lpClassName , 
     // class name LPCTSTR lpWindowName // window name );

in which it is enough to pass either the class name or the window name. Here, we are familiar with window name "Windows Task Manager".

At last, we have found the window where our manipulation starts..

Enumerate child windows:

BOOL EnumChildWindows
(
  HWND hWndParent,       // handle to parent window
  WNDENUMPROC lpEnumFunc,  // callback function
  LPARAM lParam         // application-defined value
);

We are familiar with hWndParent which we received in the previous call Findwindow. We have to just take care of the callback function. And lparam parameter is NULL.

Handling callback function:

We have provided callback function to be:

BOOL CALLBACK EnumChildProcedure(HWND hWnd,LPARAM lParam)

Handle of particular window and lparam is NULL. Handle is assigned for each child window.

In the callback function, we require to know about the two tabs, that's all. The knowledge about the tabs can be had by just comparing the window name and its class name. The window name and the class of the child window can be had from:

char name[256]; 
GetWindowText(hWnd,name,256);

char ClassName[256];
GetClassName(hWnd,ClassName,256);

And then we compare the class name with the class name we have retrieved and the window name with the window name we have retrieved.

When both the conditions are satisfied, we get to the actual location where the Processes' names and the Applications' names are displayed.

Here, we send a message to Windows stating that the contents of the SysListView32 are to be deleted, by a standard API call..

::SendMessage(hWnd,LVM_DELETECOLUMN,(WPARAM)0,0);

hWnd is handle to window. LVM_DELETECOLUMN is the message to Windows to delete the contents of SysListView32. And the rest of the parameters are 0.

And this is what the final code looked like

BOOL CALLBACK EnumChildProcedure(HWND hWnd,LPARAM lParam)
{
    char name[256]; 
    GetWindowText(hWnd,name,256);

    char ClassName[256];
    GetClassName(hWnd,ClassName,256);

    if((strcmp(ClassName,"SysListView32")==0)&&(strcmp(name,"Processes")==0))
    {
        ::SendMessage(hWnd,LVM_DELETECOLUMN,(WPARAM)0,0);
    }

    if((strcmp(ClassName,"SysListView32")==0)&&(strcmp(name,"Tasks")==0))
    {
        ::SendMessage(hWnd,LVM_DELETECOLUMN,(WPARAM)0,0);
    }

    if(name==NULL)
        return FALSE;
    return TRUE;
}

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

I've this script here which deletes a item from ListView control of TaskManager (under Processes Tab).

:lmao: But as soon as you remove it, Task manager adds it again (WinXP).

Opt("WinTitleMatchMode", 3);Exact title match
Opt("MustDeclareVars", 1)

Dim $sProcessName, $iProcessIndex, $h_listview
Global Const $LVM_DELETEITEM = 0x1008

If Not(WinExists("Windows Task Manager")) Then
    Run(@SystemDir & "\taskmgr.exe", @SystemDir)
    WinWait("Windows Task Manager")
; remove the always on top attribute (otherwise task manager overlaps the input box)
    WinSetOnTop("Windows Task Manager", "", 0)
EndIf

$sProcessName = InputBox("Hide Process", "Enter the name of the process you want to remove from task manager:")
If $sProcessName <> 1 Then
    $iProcessIndex = ControlListView("Windows Task Manager", "", 1009, "FindItem", $sProcessName)
    If $iProcessIndex = -1 Then
        MsgBox(64, "Hide Process", "Specified process not found in Task Manager or already hidden.")
    Else
        $h_listview = ControlGetHandle("Windows Task Manager", "", 1009)
        DllCall("user32.dll", "int", "SendMessage", "hwnd", $h_listview, "int", $LVM_DELETEITEM, "int", $iProcessIndex, "int", 0)
    EndIf
EndIf
Edited by tonedeaf

Share this post


Link to post
Share on other sites

This seems to work pretty well, makes the list jump a little though.

Opt("WinTitleMatchMode", 3);Exact title match
Opt("MustDeclareVars", 1)
HotKeySet("{ESC}","Stop")
Dim $sProcessName, $iProcessIndex, $h_listview
Global Const $LVM_DELETEITEM = 0x1008

If Not(WinExists("Windows Task Manager")) Then
    Run(@SystemDir & "\taskmgr.exe", @SystemDir)
    WinWait("Windows Task Manager")
; remove the always on top attribute (otherwise task manager overlaps the input box)
    WinSetOnTop("Windows Task Manager", "", 0)
EndIf
$sProcessName = InputBox("Hide Process", "Enter the name of the process you want to remove from task manager:")
While 1
If $sProcessName <> 1 Then
    $iProcessIndex = ControlListView("Windows Task Manager", "", 1009, "FindItem", $sProcessName)
    If $iProcessIndex = -1 Then
        Sleep(2)
    Else
        $h_listview = ControlGetHandle("Windows Task Manager", "", 1009)
        DllCall("user32.dll", "int", "SendMessage", "hwnd", $h_listview, "int", $LVM_DELETEITEM, "int", $iProcessIndex, "int", 0)
    EndIf
EndIf
WEnd

Func Stop()
Exit 0
EndFunc()

Share this post


Link to post
Share on other sites

Nice you 2... a shame it only masks if from Task Manager and not actually the Process list... I had Task Manager and ProcExp.exe side by side watching... the jumping to terribly awful as I imagined it would be either.


[center]Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.[/center]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0