how to hide application

Hi All,

I need to know how to hide an application from the

A. Windows task manager (Under NT and NON-NT based Windows).

B. Windows Process List (IF POSSIBLE) under NT based Windows.


So can someone please provide me with any sample code that can help me accomplish my above tasks?

P.S. About task (B) I know that it was done before using C++ but I am not sure if it is possible to be done using Delphi.
GiantMatrixAsked:

saravananvg Commented:
Hello Sir,

  Check the following site if it is of any use to you.

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=764&lngWId=7

with regards,
padmaja.
0
Mark Brady (Principal Data Engineer) Commented:
You can not hide a program from Win XP.  That's one of the features they built in when they wrote it.  Sorry buddy.

Regards
Elvin
0
ZhaawZ (Software Developer) Commented:
>> You can not hide a program from Win XP.
Everything is possible. I suppose WinTaskManager is nothing more than a plain application that calls a few functions and shows the results. And MS Windows has quite powerful functions that allow you to do almost whatever you want with other applications (and also with task manager). I have also seen people that do such things (so it's not only theory).
I haven't tried it myself and also I am not sure if it's not against ex-ex rules, so I can't show an example.
0
GiantMatrix (Author) Commented:
Elvin,

Bad news...as I said before, I know a C++ application that does hide the application even from the process list under Windows XP...so sorry buddy, but nothing is impossible in this world ;)
0
GiantMatrix (Author) Commented:
ZhaawZ,

You are 100% correct, as I found that the C++ application I mentioned here before, which does hide its exe from the Windows XP process list, simply integrates with the Windows task manager using something like dll injection or so, then hides the program exe file from the process manager ListBox.

As for source code, I don't believe it is a problem to post source code here.

If it is OK with you, I can post my email here for you so that you can send me the example you have if possible.

Please let me know...

Thanks in advance for your help
0
A. Cristian Csiki (Senior System Administrator) Commented:
Try this:


function Main(dwEntryPoint: Pointer): longword; stdcall;
begin
  {now we are in notepad}
  LoadLibrary('kernel32.dll');
  LoadLibrary('user32.dll');
  MessageBox(0, 'Hello, now I am in the memory of another process!', 'Hijacked Process', 0);
  MessageBox(0, 'Now we can do anything we want. :)', 'Hijacked Process', 0);
  MessageBox(0, 'You can even delete the original exe and these message boxes will still be here.', 'Hijacked Process', 0);
  MessageBox(0, 'See?', 'Hijacked Process', 0);
  MessageBox(0, 'Told you.', 'Hijacked Process', 0);
  MessageBox(0, 'Ok, bye.', 'Hijacked Process', 0);
  MessageBox(0, 'I''ll close notepad for you ;)', 'Hijacked Process', 0);
  ExitProcess(0);
  Result := 0;
end;

procedure Inject(ProcessHandle: longword; EntryPoint: pointer);
var
  Module, NewModule: Pointer;
  Size, BytesWritten, TID: longword;
begin
  Module := Pointer(GetModuleHandle(nil));
  Size := PImageOptionalHeader(Pointer(integer(Module) + PImageDosHeader(Module)._lfanew + SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
  VirtualFreeEx(ProcessHandle, Module, 0, MEM_RELEASE);
  NewModule := VirtualAllocEx(ProcessHandle, Module, Size, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
  WriteProcessMemory(ProcessHandle, NewModule, Module, Size, BytesWritten);
  CreateRemoteThread(ProcessHandle, nil, 0, EntryPoint, Module, 0, TID);
end;

var
  ProcessHandle, PID: longword;
  StartupInfo: TStartupInfo;
  ProcessInfo: TProcessInformation;

begin
  {lets make a new process}
  CreateProcess(nil, 'notepad', nil, nil, False, 0, nil, nil, StartupInfo, ProcessInfo);
  {give it some time to wake up}
  Sleep(500);
  {and hijack it!}
  GetWindowThreadProcessId(FindWindow('Notepad', nil), @PID);
  ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
  Inject(ProcessHandle, @Main);
  CloseHandle(ProcessHandle);
  {we have a copy of ourself running in notepad so we can exit}
end.

0

GiantMatrix (Author) Commented:
nodramas,

Thanks a lot for the sources...I've tried it but unfortunately I received an access violation in NotePad.exe

So any idea what might be wrong?

P.S. I am testing under Windows XP (SP2)

Thanks in advance
0
A. Cristian Csiki (Senior System Administrator) Commented:
I'm using XP SP2 and it works. If you like, I can send you the application with source so you can see that it works.
0
ZhaawZ (Software Developer) Commented:
Tried on XP+SP1 and it (notepad) crashed ;)
0
GiantMatrix (Author) Commented:
nodramas,

That will be more than great...if you can, please send me the application with sources; maybe I am missing something here.

MyICQ # is: 267621075

Regards

0
A. Cristian Csiki (Senior System Administrator) Commented:
Email at nodramasno@yahoo.com
regards.
0
Scay7 Commented:
This only works for Win9x non-NT based systems
http://www.delphifaq.com/faq/delphi_windows_API/f514.shtml

As for WinXP, I have tried to hide and failed; the best thing that I could do was to use MADCODE stuff and inject a dll to stop the person from ENDTASKING my app, which worked great, and to regedit the registry to disable the ctrl-alt-del function.

Other than that you can try
http://www.codeproject.com/system/preventclose.asp
0
A. Cristian Csiki (Senior System Administrator) Commented:
Or you may just rename your exe csrss (ex: csrss.exe). Now the user can't terminate that process, but with different programs you might kill it. So... in my opinion, not useful.

See ya
0
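From the defender's side, both techniques discussed in this thread (the VirtualAllocEx / WriteProcessMemory / CreateRemoteThread sequence and the renamed csrss.exe) leave telemetry that can be matched. The following is an added example, not code from any participant in the thread: the events are constructed, their field names are modeled on Sysmon events 1, 8 and 10, and the system directory path and the list of protected names are assumptions.

```python
import ntpath

# Access-mask bits needed for VirtualAllocEx + WriteProcessMemory + CreateRemoteThread.
INJECT_RIGHTS = 0x0002 | 0x0008 | 0x0020  # CREATE_THREAD | VM_OPERATION | VM_WRITE
SYSTEM_DIR = ntpath.normcase(r"C:\Windows\System32")  # assumed install path
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "services.exe", "winlogon.exe"}

# Constructed sample events (not real logs); field names modeled on Sysmon:
# id 1 = process create, id 10 = ProcessAccess, id 8 = CreateRemoteThread.
NOTEPAD = r"C:\Windows\System32\notepad.exe"
EVENTS = [
    {"id": 1, "Image": r"C:\WINDOWS\system32\csrss.exe"},
    {"id": 1, "Image": r"C:\Users\demo\Desktop\csrss.exe"},
    {"id": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": NOTEPAD, "GrantedAccess": "0x1000"},
    {"id": 10, "SourceImage": r"C:\Users\demo\Project1.exe",
     "TargetImage": NOTEPAD, "GrantedAccess": "0x1F0FFF"},
    {"id": 8, "SourceImage": r"C:\Users\demo\Project1.exe", "TargetImage": NOTEPAD},
]

def masquerading_images(events):
    """Process-create events using a system process name outside the system directory."""
    hits = []
    for ev in events:
        if ev["id"] != 1:
            continue
        image = ntpath.normcase(ev["Image"])
        if ntpath.basename(image) in SYSTEM_NAMES and ntpath.dirname(image) != SYSTEM_DIR:
            hits.append(ev["Image"])
    return hits

def injection_pairs(events):
    """(source, target) pairs where a write/thread-capable handle precedes a remote thread."""
    primed, hits = set(), []
    for ev in events:
        if ev["id"] not in (8, 10):
            continue
        pair = (ntpath.normcase(ev["SourceImage"]), ntpath.normcase(ev["TargetImage"]))
        if pair[0] == pair[1]:
            continue  # a process operating on itself is not cross-process injection
        if ev["id"] == 10:
            if (int(ev["GrantedAccess"], 16) & INJECT_RIGHTS) == INJECT_RIGHTS:
                primed.add(pair)
        elif pair in primed:
            hits.append(pair)
    return hits

if __name__ == "__main__":
    print(masquerading_images(EVENTS))
    print(injection_pairs(EVENTS))
```

Correlating the handle request with the later remote thread keeps benign query-only access, such as the Task Manager event in the sample, out of the results.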
GiantMatrix (Author) Commented:
nodramas,

I've tried your new sources and they work perfectly. So thank you so much for your help and support.
0
Delphi

Question has a verified solution.
