Solved

Making my application invisible on the task manager

Posted on 2003-11-10
21
6,632 Views
Last Modified: 2013-12-03
I want that when the user executes my application, it doesn´t show that it´s running. Like removing it from the task manager and making it invisible for the user. Because i´m making a liitle program to moniter what the user is doing on my machine. Thanx
0
Comment
Question by:fabyola
  • 5
  • 5
  • 4
  • +5
21 Comments
 
LVL 6

Expert Comment

by:DaFox
ID: 9717000
Hi,

NT, 9x? It's possible on both platforms but it's quite tricky (and not easy!) on NT platform. On 9x you simply define your application as an service.

Regards,
Markus
0
 
LVL 6

Expert Comment

by:GloomyFriar
ID: 9717268
For win200-XP you can download C sources here:

http://www.codeproject.com/useritems/preventclose.asp

0
 

Author Comment

by:fabyola
ID: 9717398
How do i define my application as a service ?  Don´t you have sources for Delphi ?
0
 
LVL 6

Expert Comment

by:DaFox
ID: 9717530
Hi,

Try sth. like this:

// ...

function RegisterServiceProcess(dwProcessID, dwType: DWord): DWord; external 'KERNEL32.DLL';

var
  Form1: TForm1;

implementation

{$R *.DFM}

procedure TForm1.Button1Click(Sender: TObject);
// hides application from task manager (9x only)
begin
  RegisterServiceProcess(0, 1);
end;

procedure TForm1.Button2Click(Sender: TObject);
// shows application in task manager
begin
  RegisterServiceProcess(0, 0);
end;

Markus
0
 
LVL 2

Expert Comment

by:SaLz
ID: 9718322
You could do this, this will hide the program, it will be invisible, you wouldn't even know it had been opened.

but it will not hide the display of the exe from a windows xp Processes Tab.

besides that, this way should be the best.


uses
  Forms,
  Unit1 in 'Unit1.pas' {Form1};

{$R *.res}

begin
  Application.Initialize;
  Application.ShowMainForm:=False;
  Application.CreateForm(TForm1, Form1);
  Application.Run;
end.
0
 
LVL 4

Accepted Solution

by:
BedouinDN earned 150 total points
ID: 9718780
You  can hide the application from the task manager Close Programs tab, but no the running processes tab.

Firstly, you don't want the taskbar icon to display when your application is open, you can use the following to remove that

//------------------------------------------------------------------

procedure TForm1.FormCreate(Sender: TObject);
begin
ShowWindow(Application.Handle, SW_HIDE);
SetWindowLong(Application.Handle, GWL_EXSTYLE, GetWindowLong(Application.Handle, GWL_EXSTYLE) or WS_EX_TOOLWINDOW );
ShowWindow(Application.Handle, SW_SHOW);
end;

//-------------------------------------------------------------------

The hide the application from showing in the Close Programs tab in Task Manager
To do this, simply remove the title string from your application in your source code like this:
(Make sure you do not set a title in the Project->Options menu ) :-)

//----------------------------------------------

Application.Initialize;
Application.Title := '';
Application.CreateForm(TForm1, Form1);

//---------------------------------------------

To run the app as a service in Win9X:

//-----------------------------------------------------
implementation

const
   RSPSIMPLESERVICE = 1;
   RSPUNREGISTERSERVICE = 0;

function RegisterServiceProcess
   (dwProcessID, dwType: DWord) : DWord;
   stdcall; external 'KERNEL32.DLL';

procedure TForm1.FormDestroy (Sender: TObject) ;
begin
   RegisterServiceProcess
     (GetCurrentProcessID, RSPUNREGISTERSERVICE)
end;

procedure TForm1.FormCreate (Sender: TObject) ;
begin
   RegisterServiceProcess
     (GetCurrentProcessID, RSPSIMPLESERVICE)
end;

//----------------------------------------------------------------------------------

And here is some code that will disable the Ctrl + Alt + Del keys altogether on Win NT based machines:

//-------------------------------------------------------------------------------
procedure EnableCTRLALTDEL(YesNo : boolean);
const
sRegPolicies = '\Software\Microsoft\Windows\CurrentVersion\Policies';
begin
  with TRegistry.Create do
  try
    RootKey:=HKEY_CURRENT_USER;
    if OpenKey(sRegPolicies+'\System\',True) then
    begin
      case YesNo of
        False:
          begin
            WriteInteger('DisableTaskMgr',1);
          end;
        True:
          begin
            WriteInteger('DisableTaskMgr',0);
          end;
      end;
    end;
    CloseKey;
    if OpenKey(sRegPolicies+\Explorer\',True) then
    begin
      case YesNo of
        False:
          begin
            WriteInteger('NoChangeStartMenu',1);
            WriteInteger('NoClose',1);
            WriteInteger('NoLogOff',1);
          end;
        True:
          begin
            WriteInteger('NoChangeStartMenu',0);
            WriteInteger('NoClose',0);
            WriteInteger('NoLogOff',0);
          end;
      end;
    end;
    CloseKey;
  finally
    Free;
  end;
end;

There are other things that can be done to prevent the application from being closed but I think you were more interested in hiding the application from the user rather than that.

(You can also name the application something like svchost.exe so that when it does appear in the task list but not the Close Program list, it sort of appears like it should be there :-/ )
0
 

Author Comment

by:fabyola
ID: 9718833
You said that there are other things that can be done to prevent the application from being closed, can you tell me please.
  Thanx
0
 

Author Comment

by:fabyola
ID: 9718867
Also posted how to hide it from the task manager but only in Win9x. Does anyone know how to it in Windows 200,XP. Thanx Guys
0
 
LVL 2

Expert Comment

by:SaLz
ID: 9718912
use this, on the form click on events and then go down to OnCloseQuery and you will see FormCloseQuery listed there and thats it they won't be able to close it :)

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs;

type
  TForm1 = class(TForm)
    procedure FormCloseQuery(Sender: TObject; var CanClose: Boolean);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

procedure TForm1.FormCloseQuery(Sender: TObject; var CanClose: Boolean);

begin
  if MessageDlg('Close the form?', mtConfirmation,
    [mbOk, mbCancel], 0) = mrCancel then
     CanClose := False;
end;
end.




==============================
if you don't want it being closed then do this pu this in.

procedure TForm1.FormCloseQuery(Sender: TObject; var CanClose: Boolean);

begin
     CanClose := False;
end;

you wont be able to close the program now.
0
 
LVL 4

Expert Comment

by:BedouinDN
ID: 9718915
You can catch the applications shutdown message through using a FormClose event and then setting CanClose to FALSE i.e.
//--------------------------------------------------------------------

procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
//This even is fired when the form gets the message to close
//Setting the variable CanClose to false tells the application that it cannot close down the form thread and so
//cannot close the app
CanClose := FALSE;
end;

//------------------------------------------------------------------

Something else you might like to play with is catching the wm_close message that windows sends the apps when it requests to close.
You can catch that message by adding the following to your Private clause and defining the action to ytake when the message is recieved in a procedure -

//-------------------------------------------
type..
.....
Private
procedure WMEndSession(var Msg:TWMEndSession);
message WM_ENDSESSION;

implementation

procedure TForm1.WMEndSession(var Msg:TWMEndSession);
begin
//Define what to do here
//to stop the app from closing you can call the OnClose procedure with CanClose set to false
end;

//---------------------------------------------------

or

//---------------------------------------------------
//Must have Messages in uses clause


Protected
procedure WndProc(var Msg: TMessage); override;

implementation
..

procedure TForm1.WndProc(var Msg: TMessage);
begin
if Msg.Msg = WM_CLOSE then //Do something here
inherited WndProc(Msg);
end;

//--------------------------------------------------------

:-)
Bedouin..





0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 4

Expert Comment

by:BedouinDN
ID: 9718922
Did I say FormClose - I meant CloseQuery

procedure TForm1.FormCloseQuery(Sender: TObject; var CanClose: Boolean);

:-)
0
 
LVL 2

Expert Comment

by:SaLz
ID: 9718943
do this,

in your projects1.dpr// this will make the program invisable, you won't even know its has been opened.
--------------------------------------------------------
program Projects1;

uses
  Forms,
  Unit1 in 'Unit1.pas' {Form1};

{$R *.res}

begin
  Application.Initialize;
  Application.ShowMainForm:=False;
  Application.CreateForm(TForm1, Form1);
  Application.Run;
end.
----------------------------------------------------------

Unit1.pas// this will stop the program being closed.
-----------------------------------------------------------
on form, on events, OnCloseQuery
procedure TForm1.FormCloseQuery(Sender: TObject; var CanClose: Boolean);

begin
     CanClose := False;
end;


0
 
LVL 6

Expert Comment

by:DaFox
ID: 9719042
Guys, come on... All of this CanClose stuff works only for normal process termination. Task manager first attempts to close an application by sending a WM_CLOSE message. If the process fails to respond to the message it terminates the process by using TerminateProcess(). So, your OnCloseQuery, CanClose stuff won't work!


>> You  can hide the application from the task manager Close Programs tab, but no the running processes tab.

>> Also posted how to hide it from the task manager but only in Win9x. Does anyone know how to it in Windows 200,XP.

On NT platform you have to "hijack" NtQuerySystemInformation() API. Not that easy and impossible by using madshis components since he disabled this kind of API to be hocked!

Regards,
Markus
0
 
LVL 2

Expert Comment

by:SaLz
ID: 9719089
if you want to know more about NtQuerySystemInformation() API check out the below link

http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_20724178.html
0
 
LVL 6

Expert Comment

by:DaFox
ID: 9719125
Yep, and they failed to realize it because
a. madshi disabled NtQuerySystemInformation() support in his madCodeHook component
b. function hooking is a quite challenging thing to do (if it should work reliable on all Windows platforms)

Markus
0
 

Author Comment

by:fabyola
ID: 9730444
It´s going to work this way. I´m going to have a server running in which all of the users will log in. When they log in, i created a script in which will run the application that i´m doing. And I need that the user don´t know that is running something in the backround. What´s the best way to do it ??? Is it doind what I asked.
  Thanx
0
 

Author Comment

by:fabyola
ID: 9730775
Also someone said that to hide it from the Task Manager in Win9x it´s just register as a service. But what can I do to prevent an error if the user run it in a NT Platform because it gives me an error. I promise I will increase more points to this question.

   Thanx
0
 
LVL 2

Expert Comment

by:SaLz
ID: 9731333
Maybe this may help you :)

you could try these sources http://www.iamaphex.com/Delphi%20Source/  

it has HideProcessNT
0
 

Expert Comment

by:bBK
ID: 10456823
Just to follow solution :)
0
 

Expert Comment

by:AkaZn
ID: 10484023
Even bussines program like Perfect keylogger can only hide from task mangager but in process (in Win NT or by some program like tubor memory) they always so (with P keylogger it is ibpk)
0
 

Expert Comment

by:Zinvob
ID: 12189377
It is possible to hide the application completely, but you need to have admin rights, and hook into several very low level API and also do some tricks fixing size of several memory structures. Making it overlap your process info. It's even possible to hide windows :), but that's mutch worse to do. No process listing application can find it, it's just there.

If you want a more easy solution, make a dll and hook/inject it into explorer.exe
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now