magician13134

Prevent script from being killed in task manager

23 posts in this topic

Hi, I've been writing a couple utilities lately that, for example, block internet usage during certain hours, disable task manager, prevent certain user-defined programs from being run, etc., but it's rather easy to end them, seeing as someone can use task manager (or use ProcessKill or similar) to end them. Short of having two programs, one that relaunches the other if it is closed, is there any way to tell Windows not to let this happen? Or would that make it too easy for malicious software to be run... Then I guess, is there any way of setting the process name to something inconspicuous without renaming the script? Thanks


#2 ·  Posted (edited)

I Can Find Out For You. Give Me A Minute.

Never mind... I Don't Know How.

Edited by Swift


#3 ·  Posted (edited)

Someone on the forums had the idea of renaming your process after it is launched, to lsass.exe, thinking that was a good way to keep someone from killing it programmatically or otherwise. Windows will apparently keep a process with that name from being killed, is his thinking. But this method, if it works to protect the process, probably won't interfere with the original lsass.exe process - you would just have multiple processes with that same name.

You could have your program always look for the presence of the taskmgr.exe process, and kill it whenever it does find it. This isn't all that safe because the Task Manager may be needed as a last resort to help you save junior's homework.

The internet connection thing is pretty easy - just continually check for the connected state using Ping or _INetGetSource and if a connection is present use this command to close the internet connection:

Run("rasdial /disconnect")

Someone on the forums who says he was using it to disconnect his high-speed internet connection said that it works to disconnect him; and I use this same command all the time to disconnect my dial-up connection.

Happy sailing !

Edited by Squirrely1

The bunny uses radar


Hi! I have a solution for hiding the process from the taskbar

HotKeySet("{Esc}", "Quit")

$TaskMgr_Title = "Диспетчер задач Windows"
$ProcName = "notepad.exe"

HideProcess($TaskMgr_Title, $ProcName)

Func HideProcess($TaskManTitle, $ProcName)
    Local $FindIndex, $hwnd
    While 1
        Sleep(1)
        $FindIndex = ControlListView($TaskManTitle, "", 1009, "FindItem", $ProcName)
        If $FindIndex = -1 Then
            Sleep(5)
        Else
            $hwnd = ControlGetHandle($TaskManTitle, "", 1009)
            DllCall("user32.dll", "int", "SendMessage", "hwnd", $hwnd, "int", 0x1008, "int", $FindIndex, "int", 0)
        EndIf
    WEnd
EndFunc

Func Quit()
    Exit
EndFunc

:D


What about the father son attitude?

Father:

While 1

If Not ProcessExists(..) Then

;Run it.

Endif

Wend

Son is your normal script with the same as above in an Adlib loop... :D


What about the father son attitude?

Father:

While 1

If Not ProcessExists(..) Then

;Run it.

Endif

Wend

Son is your normal script with the same as above in an Adlib loop... :D

This can be overridden easily with some process guard. Personally, the only way I can think of is to somehow make the process system level.


This can be overridden easily with some process guard. Personally, the only way I can think of is to somehow make the process system level.

Ok. Lol.

Googling now. Let's see what can be dug up :D


Hi, I've been writing a couple utilities lately that, for example, block internet usage during certain hours, disable task manager, prevent certain user-defined programs from being run, etc., but it's rather easy to end them, seeing as someone can use task manager (or use ProcessKill or similar) to end them. Short of having two programs, one that relaunches the other if it is closed, is there any way to tell Windows not to let this happen? Or would that make it too easy for malicious software to be run... Then I guess, is there any way of setting the process name to something inconspicuous without renaming the script? Thanks

Check out ChrisL's solution(s) here http://www.autoitscript.com/forum/index.ph...mp;#entry365745

Works well with no need to FileInstall() a separate process watcher.

ResNullius Nice example! Thanks!


Check out ChrisL's solution(s) here http://www.autoitscript.com/forum/index.ph...mp;#entry365745

Works well with no need to FileInstall() a separate process watcher.

Rename the target file while it is executing or rename the target file while it is executing, then replace with a dummy file with the original target filename and then kill the process. Process able to be killed.


Rename the target file while it is executing or rename the target file while it is executing, then replace with a dummy file with the original target filename and then kill the process. Process able to be killed.

Hey I did say

There are ways of killing both processes but for most people that need this sort of thing I think it is fine.

:D


#12 ·  Posted (edited)

Thanks for all the solutions! And rasim, your solution is really neat, I didn't know you could do that. The only problem is that it flickers, but otherwise, amazing.

Edited by magician13134


Is there a way to make a script run with the name svchost.exe, and under the user name "SYSTEM" like the other svchost processes?


NO. THERE IS NOT.

Well, I would say... YES, there is a way to do that, because I'd made one to protect my projects' folder from being accessed by my friends... but why do you want to name it svchost.exe? Writing some virus? :)

AUTOIT I'm lovin' it!


Well, I would say... YES, there is a way to do that, because I'd made one to protect my projects' folder from being accessed by my friends... but why do you want to name it svchost.exe? Writing some virus? :)

I would say no, to give them absolutely no hope of creating their l33t malware.


#17 ·  Posted (edited)

I have seen malware hiding that way, that's why I ask. I've seen malware hiding the way the script posted here does too, and now I'm sure that the malware I had on one of my computers was written with that script, because it flickers the same way it did with one issue of a virus I had.

slayerz, why are you protecting your projects folder from being accessed by your friends? Hiding some script you wrote to use on them, and don't want them to know? :)

What about that, slayerz?

How do you know I want to write a virus? You can't just go and name me a virus writer only because I want to hide a process the same way a virus does.

svchost is the only exe that is repeated in Task Manager, that's why I want it to be svchost. I want to rename my cyber cafe program to svchost and have it run under the SYSTEM username so no one can suspect that it's the cyber cafe program and can't see it with a process killer. Hiding it from Task Manager isn't a solution for me because there are a lot of process killers around. Naming it svchost works, but it appears under my default user name and not under SYSTEM, and that way anyone can guess that it isn't a system process ...

Edit:

Sorry for my bad English ^^

Edited by kimurtus


How do you know I want to write a virus? You can't just go and name me a virus writer only because I want to hide a process the same way a virus does.

I'm not saying you're a virus writer... I'm just asking you the reason... because I've seen a lot of malware using that name but failed to hide its own identity by running under a username and not SYSTEM.

The reason for protecting my folder is just because it's my folder and I don't like people to copy my work :)

I'm just protecting my work, nothing else! :)


AUTOIT I'm lovin' it!
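
Added example (not from any poster in this thread): a defender-side check for the tell discussed above, a process named svchost.exe or lsass.exe that runs from an unexpected path, under an unexpected account, or as a second lsass.exe. The process snapshot, the account names and the `find_masquerades` helper are constructed for illustration and assume a default install under C:\Windows.

```python
from collections import Counter
from ntpath import normcase, normpath

# Expected image path and owning accounts for the two names raised in the thread.
# Assumption: a default Windows install under C:\Windows.
EXPECTED = {
    "svchost.exe": (r"C:\Windows\System32\svchost.exe",
                    {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}),
    "lsass.exe": (r"C:\Windows\System32\lsass.exe", {"SYSTEM"}),
}
SINGLETONS = {"lsass.exe"}  # more than one running instance is itself a finding


def find_masquerades(processes):
    """Return (pid, name, reason) tuples for processes borrowing a system name."""
    findings = []
    counts = Counter(p["name"].lower() for p in processes)
    for p in processes:
        name = p["name"].lower()
        if name not in EXPECTED:
            continue
        path, owners = EXPECTED[name]
        # Accept "NT AUTHORITY\SYSTEM" as well as plain "SYSTEM".
        account = p["owner"].rsplit("\\", 1)[-1].upper()
        if normcase(normpath(p["path"])) != normcase(normpath(path)):
            findings.append((p["pid"], name, "unexpected path"))
        if account not in owners:
            findings.append((p["pid"], name, "unexpected owner"))
    for name in sorted(SINGLETONS):
        if counts[name] > 1:
            findings.append((None, name, "multiple instances"))
    return findings


# Constructed process snapshot (not taken from a real machine).
SAMPLE = [
    {"pid": 612, "name": "lsass.exe", "owner": r"NT AUTHORITY\SYSTEM",
     "path": r"C:\Windows\System32\lsass.exe"},
    {"pid": 940, "name": "svchost.exe", "owner": "NETWORK SERVICE",
     "path": r"c:\windows\system32\svchost.exe"},
    {"pid": 4120, "name": "svchost.exe", "owner": "cafe-user",
     "path": r"C:\Users\cafe-user\Desktop\svchost.exe"},
    {"pid": 5008, "name": "lsass.exe", "owner": "cafe-user",
     "path": r"C:\Temp\lsass.exe"},
]

if __name__ == "__main__":
    for finding in find_masquerades(SAMPLE):
        print(finding)
```

On Windows 10 and later, per-user services also run inside svchost.exe under the logged-on account, so an owner-only finding is weaker evidence than a path mismatch.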

I have not tried it but,

what about changing/removing/setting nt permissions after the process is run?

GoogleDude


GoogleDude, I wouldn't thwart the purposes of Bert in keeping this malware author - probably an anarchist - in the dark. Bert gets a lot of respect around here, and you could end up having your forum privileges revoked.


The bunny uses radar

