Solved

RegisterServiceProcess function

Posted on 2002-04-17
Last Modified: 2008-02-01
Hi,

I have a program which uses the RegisterServiceProcess function to hide from the process list in Win9x.

The way I use it is like this:

I declare the function above the implementation line:

function RegisterServiceProcess(dwProcessID, dwType: DWord): DWord;stdcall; external 'KERNEL32.DLL' name 'RegisterServiceProcess';

implementation
....


Then I call it like this in the form-create event:

RegisterServiceProcess(GetCurrentProcessId(),1);

This works fine on Win9x and the program is in fact hidden.

However, when I try to run the program on WinNT, I get an error saying that the procedure cannot be found in Kernel32.dll, which is pretty easy to understand because it is not available in NT/2k/XP.

To prevent seeing this message I decided to detect which operating system the program is run on, and if it is Windows 9x, then dynamically load kernel32.dll and call the function.  Something like this:

procedure TfrmBase.FormCreate(Sender: TObject);
var
  extprocRegisterServiceProcess : function (dwProcessID, dwType: DWord): DWord;
begin
  //here I check which windows is running, if it is Win9x I run the following code:
  hndKernel := LoadLibrary('KERNEL32.DLL');
  @extprocRegisterServiceProcess := GetProcAddress(hndKernel, 'RegisterServiceProcess');
  extprocRegisterServiceProcess(GetCurrentProcessId(), 1);
  FreeLibrary(hndKernel);
end;

This just WON'T work when run on Win9x!  If it is done in the formcreate event I'll either get an access violation or a strange error saying that project1.exe has caused an error in <unknown> at address <unknown> or something.  Then the program crashes.

If, however, I place the code in the onclick event of a button, either nothing happens or I get an access violation.  At least the function call fails because the program does not get hidden from the process list.


So in other words, I need to be able to dynamically call the function RegisterServiceProcess from kernel32.dll to hide my program from the process list in Win9x.  I cannot do it by declaring the function like this:
function RegisterServiceProcess(dwProcessID, dwType: DWord): DWord;stdcall; external 'KERNEL32.DLL' name 'RegisterServiceProcess';

because then I'll get a nasty error when I run the program on WinNT/2k/XP.

How can I do this?
Question by:hagur

Expert Comment

by:inthe
ID: 6949737
hi
from paq:


declare it as a type example:


type
  TRegisterServiceProcess = function (dwProcessID, dwType: DWord): DWord;

var
  Nt2k : Boolean;
  h  : THandle;
  RegisterServiceProcess: TRegisterServiceProcess;

//implementation

//form create

var
  os: TOSVersionInfo;
begin
  os.dwOSVersionInfoSize := sizeof(os);
  GetVersionEx(os);
  if os.dwPlatformId = VER_PLATFORM_WIN32_NT then
    nt2k := true
  else
  begin
    Nt2k := false;
    h := LoadLibrary('kernel32.dll');
    if h <> 0 then
      @RegisterServiceProcess := GetProcAddress(h, 'RegisterServiceProcess');
  end
end


//also formclose

if h <> 0 then FreeLibrary(h);

Author Comment

by:hagur
ID: 6951034
Thank you for this Inthe, I'm going to test this as soon as I can.

Author Comment

by:hagur
ID: 6952063
Hi Inthe, I tried your solution.  I declared it as a type and then I put it into the formcreate event like this:

procedure TForm1.FormCreate(Sender: TObject);
var
  os: TOSVersionInfo;
begin
  os.dwOSVersionInfoSize := sizeof(os);
  GetVersionEx(os);
  if os.dwPlatformId = VER_PLATFORM_WIN32_NT then
    nt2k := true
  else
    begin
      Nt2k := false;
      h := LoadLibrary('kernel32.dll');
      if h <> 0 then begin
        @RegisterServiceProcess := GetProcAddress(h, 'RegisterServiceProcess');
      end;
    end;
end;

Then I ran the program on Win9x and nothing happened.  Then I noticed that the function RegisterServiceProcess is never called.

Then I added this line:
RegisterServiceProcess(GetCurrentProcessID(),1);
below the line:
@RegisterServiceProcess := GetProcAddress(h, 'RegisterServiceProcess');

Now when I run the program I get an access violation and the program does not hide from the process list.

What am I doing wrong?

Accepted Solution

by:
inthe earned 150 total points
ID: 6952660
hi,
yep sorry me too i never tested it before so tried another approach.
I've tested the following on win2k and win98 it seems to work better:


  public
    { Public declarations }
  end;

type
  // stdcall matches the calling convention of the kernel32 export
  MyRegisterServiceProcess = function(dwProcessID, dwType: DWord): DWord; stdcall;

const
  SimpleService = 1;
  UnRegisterSimpleService = 0;

var
  Form1: TForm1;
  h: THandle;
  RegisterServiceProcess: MyRegisterServiceProcess;

implementation

{$R *.dfm}

procedure HideProgram(ProgramID: DWORD; ShowHide: Boolean);
begin
  // The pointer stays nil when the export was not resolved
  if @RegisterServiceProcess = nil then
    raise Exception.Create('This is not win9*');
  if ShowHide then
    RegisterServiceProcess(ProgramID, SimpleService)
  else
    RegisterServiceProcess(ProgramID, UnRegisterSimpleService);
end;


procedure TForm1.FormCreate(Sender: TObject);
begin
  @RegisterServiceProcess := nil;
  if Win32Platform <> VER_PLATFORM_WIN32_NT then
  begin
    // kernel32 is already loaded; GetModuleHandle takes no extra reference
    h := GetModuleHandle('Kernel32');
    if h = 0 then Exit;
    @RegisterServiceProcess := GetProcAddress(h, 'RegisterServiceProcess');
    HideProgram(GetCurrentProcessId, True);
  end
end;

procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  // No FreeLibrary here: h came from GetModuleHandle, not LoadLibrary,
  // so there is no reference to release.
end;

Hope this is working better for you  :)

Regards Barry
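
Added example, not part of the original thread or of inthe's code: the function-pointer types in the earlier attempts omit stdcall, so Delphi calls through them with its default register convention, while the accepted answer's type declares stdcall to match the Win32 export. The sketch below puts the two declarations side by side and uses the nil result of GetProcAddress as the feature test instead of an OS version check; OptionalApiDemo, TRegisterServiceProcessBroken and TryRegisterServiceProcess are hypothetical names.

```delphi
program OptionalApiDemo; // hypothetical name, added example
{$APPTYPE CONSOLE}

uses
  Windows;

type
  // Without a calling-convention directive Delphi uses "register": the two
  // arguments travel in EAX/EDX. The Win32 export expects them on the stack
  // and pops them itself, so a call through this type corrupts the stack.
  TRegisterServiceProcessBroken = function(dwProcessID, dwType: DWORD): DWORD;

  // Matches the export: stdcall, as in the accepted answer.
  TRegisterServiceProcess = function(dwProcessID, dwType: DWORD): DWORD; stdcall;

const
  SimpleService = 1; // value used in the thread

// Hypothetical helper: returns False when the export does not exist
// (NT/2000/XP), so no OS version check is needed before calling it.
function TryRegisterServiceProcess(dwType: DWORD; out ApiResult: DWORD): Boolean;
var
  hKernel: HMODULE;
  Proc: TRegisterServiceProcess;
begin
  Result := False;
  ApiResult := 0;
  // kernel32 is already mapped into every process; GetModuleHandle does not
  // take a reference, so there is nothing to FreeLibrary afterwards.
  hKernel := GetModuleHandle('kernel32.dll');
  if hKernel = 0 then
    Exit;
  @Proc := GetProcAddress(hKernel, 'RegisterServiceProcess');
  if not Assigned(Proc) then
    Exit; // export missing: feature not available on this Windows
  ApiResult := Proc(GetCurrentProcessId, dwType);
  Result := True;
end;

var
  R: DWORD;
begin
  if TryRegisterServiceProcess(SimpleService, R) then
    Writeln('RegisterServiceProcess returned ', R)
  else
    Writeln('RegisterServiceProcess is not exported by this kernel32.dll');
end.
```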

Author Comment

by:hagur
ID: 6953369
Thanks again, this looks a lot better :-)

I'm gonna see if this works.

Author Comment

by:hagur
ID: 6955902
Hi again,

I just managed to test your code and I can safely say that it works flawlessly!  Thank you very much for your effort.

I decided to increase the points a bit, because it was very important for me to get a solution, and now I have it.

Expert Comment

by:inthe
ID: 6956623
ok thank you :)