Solved

Windows Task Manager

Posted on 2006-11-11
Last Modified: 2010-04-05
Hello experts,

Some other day I posted in the OS (XP) session some question about Windows Task Manager (http://www.experts-exchange.com/Operating_Systems/WinXP/Q_22055556.html). The question in Delphi session is: HOW can I do a program with that function using DELPHI 7?
Question by:plinho
41 Comments
 
LVL 16

Expert Comment

by:CodedK
ID: 17925068
Hi plinho.

You can hide a program from the task manager on XP ONLY if it's a service process...
(But even if that's the case your program can be seen in the list on administration tools - services)
You can't do it for any other external program.

1) You can disable Task Manager though.
2) You can create a program that launches your application if it has been terminated.
3) You can disable Task Manager and open a window that looks like and mimics Task Manager, filtering the program you want to hide...

Hope this helps.

0
 
LVL 16

Expert Comment

by:CodedK
ID: 17925080
There is a way to hide it from the application tab :

OnActivate event of Form1 write this :
ShowWindow(Application.Handle,SW_HIDE);

------------------------------

To hide it from the list of processes tab the only fast way is to terminate the program you want, rename it to svchost.exe & launch it again.
0
 

Author Comment

by:plinho
ID: 17925725
Have you seen the other question I asked in Windows XP session?? There is a program that does that, the name is jamilah... I saved it into this email: jamilah_software@yahoo.com.br, password: 123456.
take a look there ;)
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17926048
Can you please tell me HOW this *** application can hide another application?
Because I see very well that it exists in application tab in 1 application that I tried ...
moreover I had to reboot coz it crashed my system!
0
 

Author Comment

by:plinho
ID: 17926214
That's what I'm asking... HOW does it work, and HOW to do that in Delphi =/
0
 

Author Comment

by:plinho
ID: 17926223
It hides the app from the process list in Windows Task Manager.... That's what I'm trying to do in Delphi
0
 

Author Comment

by:plinho
ID: 17926231
By the way, when you hide an app with jamilah you have to close this app FIRST, then jamilah, or else the system will crash =)
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17928492
Hi plinho, check out this link :

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=764&lngWId=7

The only way is to hack Task Manager memory and remove the name of your program from the list...
This is a security issue.
0
 
LVL 17

Accepted Solution

by:
Wim ten Brink earned 250 total points
ID: 17928553
There is a way to hide your application from the task manager but it requires some serious (low-level) API hooking and unfortunately it's a technique often used by rootkits. Basically, you hijack a few API functions that the task manager uses to enumerate the running processes and just make sure these API functions won't report your application.
One other problem is of course that if you hijack some API functions and your code has a bug then the whole system might crash and crash hard! Also, check out the story about Sony and Rootkits and you know another reason why NOT to create them. :-)

And sorry, I don't know how to do this. I just know it can be done. I think through something called MadComponents. :-)
0
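The accepted answer says the hiding works by hooking the API functions Task Manager uses to enumerate processes. The defender's counter-check is a cross-view comparison, sketched here as an added example that is not part of the thread or any poster's code: list PIDs through the Toolhelp snapshot, then probe each PID directly with OpenProcess and report any live PID the snapshot left out. The program name and the `MAX_PID` ceiling are assumptions.

```delphi
program CrossViewPids; // added example; the program name is hypothetical
{$APPTYPE CONSOLE}
uses Windows, SysUtils, Classes, TlHelp32;
const MAX_PID = 65536; // assumption: probe ceiling, raise it on busy systems

// View 1: Toolhelp snapshot, the kind of enumeration a user-mode hook filters.
procedure SnapshotPids(Seen: TList);
var Snap: THandle; Entry: TProcessEntry32;
begin
  Snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snap = INVALID_HANDLE_VALUE then RaiseLastOSError;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snap, Entry) then
      repeat Seen.Add(Pointer(Entry.th32ProcessID)) until not Process32Next(Snap, Entry);
  finally
    CloseHandle(Snap);
  end;
end;

// View 2: probe one PID directly instead of trusting the enumeration.
function PidIsLive(Pid: DWORD): Boolean;
var H: THandle; Code: DWORD;
begin
  H := OpenProcess(PROCESS_QUERY_INFORMATION, False, Pid);
  if H = 0 then
    Result := GetLastError = ERROR_ACCESS_DENIED // denied still means it exists
  else
  begin
    Result := GetExitCodeProcess(H, Code) and (Code = STILL_ACTIVE);
    CloseHandle(H);
  end;
end;

var Seen: TList; Pid: DWORD;
begin
  Seen := TList.Create;
  try
    SnapshotPids(Seen);
    Pid := 4; // NT process IDs are multiples of 4
    while Pid < MAX_PID do
    begin
      if PidIsLive(Pid) and (Seen.IndexOf(Pointer(Pid)) < 0) then
        Writeln('PID ', Pid, ' is live but missing from the snapshot');
      Inc(Pid, 4);
    end;
  finally
    Seen.Free;
  end;
end.
```

A process that starts between the snapshot and the probe is reported too, so confirm any hit with a second run. The comparison only holds while OpenProcess itself is not hooked in the checking process.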
 
LVL 16

Assisted Solution

by:CodedK
CodedK earned 250 total points
ID: 17928621
Also check this out :

Lee tries to hack Task Manager and Task Manager crashes... Check out the other comments too, there are instructions on how to inject your code with Mad components.

http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_20289521.html
0
 

Author Comment

by:plinho
ID: 17928839
That's a very good topic... I looked for this subject but couldn't find anything =/
CodedK, have you seen jamilah?? It hides an external app and can change its PID. HOW the hell can it be done?! I thought it was very close to impossible before I found this software...
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17928875
It can trick the system.
I've never done anything similar before and like you I also thought it's impossible.
Yes, I saw Jamilah.

The way I see it, it must do the following:
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
Hooks system api calls to intercept Task Manager.
Hide Task Manager window.
Dump memory process of Task Manager.
Edit memory to remove the given string from the process list (But it cannot remove it from the Application Tab).
Show Task Manager Window.
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

In every forum I've seen the only way to do it is to hack the system... There isn't any known procedure to do it.
I'll keep looking for something interesting for you :)

P.S
I found something called Stealth but it keeps crashing my system...
Do you want to check it ?
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17928909
I found something useful in a trojan source code ... (Back Orifice 2000)
0
 

Author Comment

by:plinho
ID: 17929196
Sure, can you post the link to this program so I can download it (Stealth, not B.O. =P).
I'm not home now, but as soon as I get there I'll take a look at it ;)

"I'll keep looking for something interesting for you :)"

No rush... Just in enough time for this question not to be closed.
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17929203
I'm in work now :) I'll send it in 1 hour or 2
0
 

Author Comment

by:plinho
ID: 17929236
ok, I'll be home just in 6 hours =/.
I hate not having my this on other computers
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17931107
Well first of all this is one PAQ from Madshi the one who wrote all the mad hook components we talked about earlier :

http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_10186120.html

He is talking about the source code of the Back Orifice worm.... He rewrote it in Delphi... Check it out ...

The source that follows is that **** unit I found (it crashes my application)
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17931122
 unit Stealth;

  interface

  uses
    WinTypes, WinProcs, Classes, Forms, SysUtils, Controls, Messages;

  type
    TDuplicateComponent = class(Exception);
    TFormNotOwner = class(Exception);
    TStealth = class(TComponent)

    private
      FHideForm: Boolean;
      fHideApp: Boolean;
      OldWndProc: TFarProc;
      NewWndProc: Pointer;
      function IsIt: Boolean;
      procedure SetIt (Value: Boolean);
      procedure SetHideApp(Value: Boolean);
      procedure HookParent;
      procedure UnhookParent;
      procedure HookWndProc(var Message: TMessage);
    protected

    {Protected declarations}
       procedure HideApplication;
       procedure ShowApplication;

    public
    {Public declarations}
      constructor Create(AOwner: TComponent); override;
      destructor Destroy; override;
      procedure Loaded; override;
      procedure ProcessEnabled;
    published

    {Published declarations}
      property HideForm: Boolean read IsIt write SetIt stored true default true;
      property HideApp: Boolean read fHideApp write SetHideApp;
    end;

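    { RegisterServiceProcess is exported by KERNEL32.DLL on Windows 95/98/Me only; }
    { on NT-based Windows (2000/XP) this static import cannot be resolved. }
    function RegisterServiceProcess(dwProcessID, dwType: Integer): Integer; stdcall; external 'KERNEL32.DLL';
    procedure Register;

    implementation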

    destructor TStealth.Destroy;

    begin
     ShowApplication;
     UnhookParent;
     inherited destroy;
    end;

    constructor TStealth.Create(AOwner: TComponent);
    var
      i: Word;
      CompCount: Byte;
    begin
     inherited Create(AOwner);
     fHideform := true;
     NewWndProc := nil;
     OldWndProc := nil;
     CompCount := 0;
     if (csDesigning in ComponentState) then
     if (AOwner is TForm) then
     with (AOwner as TForm) do
      begin
       for i := 0 to ComponentCount - 1 do
       if Components[i] is TStealth then Inc(CompCount);
       if CompCount > 1 then raise TDuplicateComponent.Create('There is already a TStealth component on this Form');
      end
     else
      raise TFormNotOwner.Create('The owner of TStealth Component is not a TForm');
     HookParent;
    end;

    procedure TStealth.SetHideApp(Value: Boolean);
    begin
     fHideApp := Value;
     if Value then HideApplication
      else
     ShowApplication;
    end;

    procedure TStealth.HideApplication;
    begin
     if not (csDesigning in ComponentState) then
     RegisterServiceProcess(GetCurrentProcessID, 1);
    end;

    procedure TStealth.ShowApplication;
    begin
     if not (csDesigning in ComponentState) then
     RegisterServiceProcess(GetCurrentProcessID, 0);
    end;

    procedure TStealth.Loaded;
    begin
     inherited Loaded; { Always call inherited Loaded method }
     if not (csDesigning in ComponentState) then
     ProcessEnabled;
    end;

    procedure TStealth.ProcessEnabled;
    begin
     if not (csDesigning in ComponentState) then
     if fHideform then
     ShowWindow(FindWindow(nil, @Application.Title[1]), SW_HIDE)
     else
     ShowWindow(FindWindow(nil, @Application.Title[1]), SW_RESTORE);
    end;

    function TStealth.IsIt: Boolean;
    begin
     Result := fHideform;
    end;

    procedure TStealth.SetIt(Value: Boolean);
    begin
     fHideform := value;
     ProcessEnabled;
    end;

    procedure TStealth.HookParent;
    begin
     if owner = nil then exit;
     OldWndProc := TFarProc(GetWindowLong((owner as TForm).Handle, GWL_WNDPROC));
     NewWndProc := MakeObjectInstance(HookWndProc);
     SetWindowLong((owner as TForm).Handle, GWL_WNDPROC, LongInt(NewWndProc));
    end;

    procedure TStealth.UnhookParent;
    begin
     if (owner <> NIL) and Assigned(OldWndProc) then
     SetWindowLong((owner as TForm).Handle, GWL_WNDPROC, LongInt(OldWndProc));
     if Assigned(NewWndProc) then
     FreeObjectInstance(NewWndProc);
     NewWndProc := NIL;
     OldWndProc := NIL;
    end;

    procedure Register;
    begin
     RegisterComponents('Dbayliss', [TStealth]);
    end;

    procedure TStealth.HookWndProc(var Message: TMessage);
    begin
     if owner = NIL then exit;
     if (Message.Msg = WM_SHOWWINDOW) then
     if (Message.wParam <> 0) then
     ProcessEnabled;
     Message.Result := CallWindowProc(OldWndProc, (owner as TForm).Handle, Message.Msg, Message.wParam, Message.lParam);
    end;

end.
0
 

Author Comment

by:plinho
ID: 17931558
Hmm, I know it sounds stupid but I can't install madKernel and those other components...
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17932794
I've never tried, plinho; maybe someone could help you more with these components...
Send a pm to Madshi...
www.madshi.net
:)
0
 

Author Comment

by:plinho
ID: 17933527
Hmm, I couldn't make this program that you posted work, I mean, I compiled it, but what does it do actually?
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17933585
Use the unit from your program...
0
 

Author Comment

by:plinho
ID: 17933832
Hmm, got these errors:
"[Error] WARNING. Duplicate resource(s):
[Error] Type 10 (RCDATA), ID TFORM1:
[Error] File C:\Arquivos de programas\Borland\Delphi7\Projects\Unit1.dfm resource kept; file C:\Arquivos de programas\Borland\Delphi7\Projects\goxpgount.dfm resource discarded."
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17934384
Try to test it in a new project.
Mine just crashes with no errors! Can't help u with that unit any more.
I just found it and thought that it could be useful :/
0
 

Author Comment

by:plinho
ID: 17936950
I guess it would be quite difficult to hide an external app... So if you help me to hide my own app, I'll give you the points with A grade for your patience =)
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17936961
Plinho, thanks but I don't do it for the points :)

I hope some other expert will come in, that knows something about this ...
Be patient, I'm looking in every forum I know :)

Maybe we can pull this out with a trick.
0
 

Author Comment

by:plinho
ID: 17937415
That's ok :) but if you eventually find how to hide my own app, post here so I can use it while we don't find out how to do it with external apps
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17959179
Plinho please add your email in your profile.
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17959276
Add your email in your profile, so I can send you the source code of a program I made.

It is based on my first post. So you can accept my first post.
It can do it even for an external application :) !!!!!!
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17959282
I can't post it here because it can be used for bad things.
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17961791
Forget it, plinho. If you want the source I can mail it to you but it's not working well...
Task manager flickers too much, because it tries to refresh the values.
So forget my last comments. :(
0
 

Author Comment

by:plinho
ID: 17966450
=/, if you want to mail me send to plinho_v@yahoo.com.br plz... But there has to be a way to do it, I mean, that jamilah program does that, right?
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17971002
Plinho, I've managed to hack Task Manager Memory BUT I couldn't freeze the constant updating of WTM...
I hope this can give you a start. It can work even for external applications. BUT there is a constant flickering!
If you find a way around this then it's done!!!
I'll send you the source right now. If you find something then mail me (see my profile for my mail)
0
 

Author Comment

by:plinho
ID: 17972181
Wow, I'm no expert in Delphi, in fact I learned all I know by myself, so my knowledge is kinda low =/
I tried to do some changes on the names to find the Windows Task Manager, translating it to my language. But I've noticed something, correct me if I'm wrong, which I probably am =P, in this part of the code:
procedure TForm1.Timer2Timer(Sender: TObject);
var  pmRemote:      TProcessMemory;
     szString:      String;
     lvItem:        TLVItem;
     handle:        HWND;
     cnt:           Integer;
     i,z:             Integer;
     idxItem:       Integer;
     idxString:     Integer;
begin
if wnd<>0 then

   Begin
   ...
  End;

'wnd' hasn't been declared has it?
Maybe someone who really knows this kind of code could help us...
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17972525
If it wasn't declared then it wouldn't work :/
It's in the public declarations ..
0
 
LVL 16

Expert Comment

by:CodedK
ID: 17972529
You can press control+space to navigate through the declarations when the mouse is on a variable.
0
 

Author Comment

by:plinho
ID: 17975939
Hmm, I see... So, let's just wait 'till someone helps us ;-)
0
 

Author Comment

by:plinho
ID: 17998084
I've been looking here in EE for this kind of stuff and it seems that the only person able to do that is Madshi.... But, unfortunately, he has a time problem =/...
Anyway Madshi: I see that there are a lot of people with this doubt and since you are the only one that can help us please, if you have some time, try to make this work....thanks!!
0
 

Author Comment

by:plinho
ID: 18028256
Whooow I found a program that does ANYTHING with processes!!! The name is ProcessGuard...
http://www.download.com/ProcessGuard/3640-2239_4-10356311.html
If someone knows how to do these things please post here
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21133164
Forced accept.

Computer101
EE Admin
0
