Jump to content

Hide Process Name?


Recommended Posts

yes, my question is, is there any command or function where i can hide process names in windows task manager??

here is an example:

i've got a process named: "process1", now i look at my windows task manger and its there, but when i start a script the process "process1" is still aktive but not in taskmanger

is this possible to make??

Greetz

Link to comment
Share on other sites

yes, my question is, is there any command or function where i can hide process names in windows task manager??

here is an example:

i've got a process named: "process1", now i look at my windows task manger and its there, but when i start a script the process "process1" is still aktive but not in taskmanger

is this possible to make??

Greetz

Yes, virus writers does it all the time. What is your excuse?
Link to comment
Share on other sites

http://www.codeproject.com/system/Hack_Win...ask_Manager.asp

Provides souce code and method for how to hide a process from the Process List. The string that contains the name of your process must be deleted from the SysListView32 control every .5 seconds or less, that is its refresh rate.

Seems fairly straight forward and I'm sure there are several approachs to this particular problem.

AutoIt Scripts:Aimbot: Proof of Concept - PixelSearching Aimbot with several search/autoshoot/lock-on techniques.Sliding Toolbar - Add a nice Sliding Toolbar to your next script. Click the link to see an animation of it in action!FontInfo UDF - Get list of system fonts, or search to see if a particular font is installed.Get Extended Property UDF - Retrieve a files extended properties (e.g., video/image dimensions, file version, bitrate of song/video, etc)
Link to comment
Share on other sites

I wanted to Hide a process a while back because Nprotect used to search for process names and I wanted to prevent that.

Oh, and Warden from World of Warcraft can detect bots if you run it while detected

Edited by =sinister=
Link to comment
Share on other sites

Sinister, I had to hide a process for the same reason. an Nprotected game would shutdown if it saw certain processes running.

AutoIt Scripts:Aimbot: Proof of Concept - PixelSearching Aimbot with several search/autoshoot/lock-on techniques.Sliding Toolbar - Add a nice Sliding Toolbar to your next script. Click the link to see an animation of it in action!FontInfo UDF - Get list of system fonts, or search to see if a particular font is installed.Get Extended Property UDF - Retrieve a files extended properties (e.g., video/image dimensions, file version, bitrate of song/video, etc)
Link to comment
Share on other sites

  • Moderators

Provides souce code and method for how to hide a process from the Process List. The string that contains the name of your process must be deleted from the SysListView32 control every .5 seconds or less, that is its refresh rate.

If I'm not mistaken, I believe that's been attempted in the last few months... It really looked bad.

Edit:

Quoted the wrong post.

Edited by SmOke_N

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites

I believe that setting a process as a service will hide the task in taskmanager...

But that is only 1 solution which I know...

One method of setting a process as a service:

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Platform SDK: Windows 9x Programming

RegisterServiceProcess

The RegisterServiceProcess function registers or unregisters a service process. A service process continues to run after the user logs off.

To call RegisterServiceProcess, retrieve a function pointer using GetProcAddress on KERNEL32.DLL. Use the function pointer to call RegisterServiceProcess.

DWORD RegisterServiceProcess(

DWORD dwProcessId,

DWORD dwType

);

Parameters

dwProcessId

Specifies the identifier of the process to register as a service process. Specifies NULL to register the current process.

dwType

Specifies whether the service is to be registered or unregistered. This parameter can be one of the following values.

Value | Meaning

0 | Unregisters the process as a service process.

1 | Registers the process as a service process.

Return Values

The return value is 1 if successful or 0 if an error occurs.

GetProcAddress

Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).

FARPROC WINAPI GetProcAddress(

HMODULE hModule,

LPCSTR lpProcName

);

Parameters

hModule

[in] Handle to the DLL module that contains the function or variable. The LoadLibrary or GetModuleHandle function returns this handle.

lpProcName

[in] Pointer to a null-terminated string that specifies the function or variable name, or the function's ordinal value. If this parameter is an ordinal value, it must be in the low-order word; the high-order word must be zero.

Return Values

If the function succeeds, the return value is the address of the exported function or variable.

If the function fails, the return value is NULL. To get extended error information, call GetLastError.

Remarks

The spelling and case of a function name pointed to by lpProcName must be identical to that in the EXPORTS statement of the source DLL's module-definition (.def) file. The exported names of functions may differ from the names you use when calling these functions in your code. This difference is hidden by macros used in the SDK header files. For more information, see Conventions for Function Prototypes.

The lpProcName parameter can identify the DLL function by specifying an ordinal value associated with the function in the EXPORTS statement. GetProcAddress verifies that the specified ordinal is in the range 1 through the highest ordinal value exported in the .def file. The function then uses the ordinal as an index to read the function's address from a function table. If the .def file does not number the functions consecutively from 1 to N (where N is the number of exported functions), an error can occur where GetProcAddress returns an invalid, non-NULL address, even though there is no function with the specified ordinal.

In cases where the function may not exist, the function should be specified by name rather than by ordinal value.

This function is found in KERNEL32.DLL.

SampleC++ Code: (Not tested)

#include <stdio.h> 
#include <windows.h> 
 
typedef DWORD (*MYPROC)(DWORD, DWORD); 
 
VOID main(VOID) 
{ 
    HINSTANCE hinstLib; 
    MYPROC ProcAdd; 
    BOOL fFreeResult, fRunTimeLinkSuccess = FALSE; 
 
    // Get a handle to the DLL module.
 
    hinstLib = LoadLibrary(TEXT("KERNEL32")); 
 
    // If the handle is valid, try to get the function address.
 
    if (hinstLib != NULL) 
    { 
        ProcAdd = (MYPROC) GetProcAddress(hinstLib, TEXT("RegisterServiceProcess")); 
 
        // If the function address is valid, call the function.
 
        if (NULL != ProcAdd) 
        {
            fRunTimeLinkSuccess = TRUE;
            //Call the function:
            //(ProcAdd) (/*Process ID*/, 1); 
        }
 
        // Free the DLL module.
 
        fFreeResult = FreeLibrary(hinstLib); 
    } 
 
    // If unable to call the DLL function, use an alternative.
 
    if (! fRunTimeLinkSuccess) 
        printf("Message via alternative method\n"); 
}

#)

[EDIT]: I have an off-topic question: which type of calling convention do DLL functions normally use?

Edited by nfwu
Link to comment
Share on other sites

  • 2 years later...

http://www.codeproject.com/system/Hack_Win...ask_Manager.asp

Provides souce code and method for how to hide a process from the Process List. The string that contains the name of your process must be deleted from the SysListView32 control every .5 seconds or less, that is its refresh rate.

Seems fairly straight forward and I'm sure there are several approachs to this particular problem.

can this be done in autoit

im tryed but ...

cant get control of entries in the list

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...