hagur
asked on
RegisterServiceProcess function
Hi,
I have a program which uses the RegisterServiceProcess function to hide from the process list in Win9x.
The way I use it is like this:
I declare the function above the implementation line:
function RegisterServiceProcess(dwProcessID, dwType: DWord): DWord; stdcall; external 'KERNEL32.DLL' name 'RegisterServiceProcess';
implementation
....
Then I call it like this in the form-create event:
RegisterServiceProcess(GetCurrentProcessId(), 1);
This works fine on Win9x and the program is in fact hidden.
However, when I try to run the program on WinNT, I get an error saying that the procedure cannot be found in Kernel32.dll, which is pretty easy to understand because it is not available in NT/2k/XP.
To prevent seeing this message I decided to detect which operating system the program is run on, and if it is Windows 9x, then dynamically load kernel32.dll and call the function. Something like this:
procedure TfrmBase.FormCreate(Sender : TObject);
var
  extprocRegisterServiceProcess : function (dwProcessID, dwType: DWord): DWord;
begin
  //here I check which windows is running, if it is Win9x I run the following code:
  hndKernel := LoadLibrary('KERNEL32.DLL');
  @extprocRegisterServiceProcess := GetProcAddress(hndKernel, 'RegisterServiceProcess');
  extprocRegisterServiceProcess(GetCurrentProcessId(), 1);
  FreeLibrary(hndKernel);
end;
This just WON'T work when run on Win9x! If it is done in the formcreate event I'll either get an access violation or a strange error saying that project1.exe has caused an error in <unknown> at address <unknown> or something. Then the program crashes.
If, however, I place the code in the onclick event of a button, either nothing happens or I get an access violation. At least the function call fails because the program does not get hidden from the process list.
So in other words, I need to be able to dynamically call the function RegisterServiceProcess from kernel32.dll to hide my program from the process list in Win9x. I cannot do it by declaring the function like this:
function RegisterServiceProcess(dwProcessID, dwType: DWord): DWord; stdcall; external 'KERNEL32.DLL' name 'RegisterServiceProcess';
because then I'll get a nasty error when I run the program on WinNT/2k/XP.
How can I do this?
ASKER
Thank you for this Inthe, I'm going to test this as soon as I can.
ASKER
Hi Inthe, I tried your solution. I declared it as a type and then I put it into the formcreate event like this:
procedure TForm1.FormCreate(Sender: TObject);
var
  os: TOSVersionInfo;
begin
  os.dwOSVersionInfoSize := sizeof(os);
  GetVersionEx(os);
  if os.dwPlatformId = VER_PLATFORM_WIN32_NT then
    nt2k := true
  else
  begin
    Nt2k := false;
    h := LoadLibrary('kernel32.dll');
    if h <> 0 then begin
      @RegisterServiceProcess := GetProcAddress(h, 'RegisterServiceProcess');
    end;
  end;
end;
Then I ran the program on Win9x and nothing happened. Then I noticed that the function RegisterServiceProcess is never called.
Then I added this line:
RegisterServiceProcess(GetCurrentProcessID(), 1);
below the line:
@RegisterServiceProcess := GetProcAddress(h, 'RegisterServiceProcess');
Now when I run the program I get an access violation and the program does not hide from the process list.
What am I doing wrong?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thanks again, this looks a lot better :-)
I'm gonna see if this works.
ASKER
Hi again,
I just managed to test your code and I can safely say that it works flawlessly! Thank you very much for your effort.
I decided to increase the points a bit, because it was very important for me to get a solution, and now I have it.
ok thank you :)
from paq:
declare it as a type example:
type
  TRegisterServiceProcess = function (dwProcessID, dwType: DWord): DWord;
var
  Nt2k : Boolean;
  h : THandle;
  RegisterServiceProcess: TRegisterServiceProcess;
//implementation
//form create
var
  os: TOSVersionInfo;
begin
  os.dwOSVersionInfoSize := sizeof(os);
  GetVersionEx(os);
  if os.dwPlatformId = VER_PLATFORM_WIN32_NT
    then nt2k := true
  else
  begin
    Nt2k := false;
    h := LoadLibrary('kernel32.dll');
    if h <> 0 then @RegisterServiceProcess := GetProcAddress(h, 'RegisterServiceProcess');
  end;
end;
//also formclose
if h <> 0 then FreeLibrary(h);
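
Added example, not code from any poster in this thread and not the accepted solution (which is not shown on this page): the procedural types posted above omit the `stdcall` directive that the working static declaration carries, so Delphi's default `register` convention does not match the kernel32 export. The sketch below resolves the export at run time through a `stdcall` type and checks the pointer before calling it; `TryRegisterServiceProcess` and the program name are hypothetical names chosen for the illustration.

```delphi
program OptionalExportDemo;
{$APPTYPE CONSOLE}

uses
  Windows;

type
  // stdcall must be part of the procedural type: kernel32 exports expect
  // their arguments on the stack and clean them up themselves. Without the
  // directive Delphi passes the arguments in registers and the stack is
  // left unbalanced after the call returns.
  TRegisterServiceProcess = function(dwProcessId, dwType: DWORD): DWORD; stdcall;

// Returns True only if the export exists and reports success (non-zero).
// Returns False on NT/2000/XP, where kernel32 has no such export.
function TryRegisterServiceProcess(dwType: DWORD): Boolean;
var
  hKernel: HMODULE;
  Fn: TRegisterServiceProcess;
begin
  Result := False;

  // kernel32.dll is already mapped into every Win32 process, so a module
  // handle lookup is enough; there is no LoadLibrary/FreeLibrary pair whose
  // lifetime has to be tracked.
  hKernel := GetModuleHandle('kernel32.dll');
  if hKernel = 0 then
    Exit;

  // GetProcAddress returns nil when the export is missing. Calling through
  // an unchecked nil pointer is one way to get an access violation.
  @Fn := GetProcAddress(hKernel, 'RegisterServiceProcess');
  if not Assigned(Fn) then
    Exit;

  Result := Fn(GetCurrentProcessId, dwType) <> 0;
end;

begin
  // 1 is the dwType value used throughout the thread.
  if TryRegisterServiceProcess(1) then
    Writeln('RegisterServiceProcess resolved and returned success')
  else
    Writeln('RegisterServiceProcess not exported here, or the call failed');
end.
```

Because availability is decided by the `GetProcAddress` result, no separate `GetVersionEx` platform check is needed to avoid the missing-export error on NT-based systems.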