Hiding proccess from task manager

This is a discussion on Hiding proccess from task manager within the Windows Programming forums, part of the Platform Specific Boards category; Hi, I am making a console application and i would like to hide it from the task manager. Any help ...

  1. #1
    Registered User
    Join Date
    Dec 2006
    Posts
    60

    Hiding proccess from task manager

    Hi,
    I am making a console application and i would like to hide it from the task manager.
    Any help with that please?
    Thanks..

  2. #2
    Frequently Quite Prolix dwks's Avatar
    Join Date
    Apr 2005
    Location
    Canada
    Posts
    8,046
    It can be done, but why would you want to do that?
    dwk

    Seek and ye shall find. quaere et invenies.

    "Simplicity does not precede complexity, but follows it." -- Alan Perlis
    "Testing can only prove the presence of bugs, not their absence." -- Edsger Dijkstra
    "The only real mistake is the one from which we learn nothing." -- John Powell


    Other boards: DaniWeb, TPS
    Unofficial Wiki FAQ: cpwiki.sf.net

    My website: http://dwks.theprogrammingsite.com/
    Projects: codeform, xuni, atlantis, nort, etc.

  3. #3
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,189
    So he can write malware that noone can forceably shut down is my guess. There are few if any legitimate reasons to hide a task from task manager.

  4. #4
    Math wizard
    Join Date
    Dec 2006
    Location
    USA
    Posts
    582
    It's wise to have the program showing in Windows Task Manager. First, when debugging, you can monitor your program's usage and if you've got an infinite loop (I've had these and I hate it), the only way to close the program is through Task Manager. Second, if the program crashes and you can't close it through the program's interface (I've had this with other programs, but very rarely), Windows Task Manager can be used for force it to be closed freeing some memory. I find WTM extremely important, so important that I added it to my start up list so I always have it running. In some cases, I even increase the priority of WTM to "Realtime", the highest possible which helps close unwanted crashed programs easier. There's many other uses as well such as finding out how much memory its using (to get an idea on minimum system requirements), CPU usage (for efficiency), page faults, read and write bytes, and so many other things.

  5. #5
    Registered User Queatrix's Avatar
    Join Date
    Apr 2005
    Posts
    1,342
    I have to agree with abachler, however, I also agree with dwks cuz I can do it. And if tezcatlipooca can give a good reason as to why he wants to do this, I might help him/(her).

  6. #6
    Registered User
    Join Date
    Dec 2006
    Posts
    60
    Hello,
    Ok, mates what i've read is reasonable, but think this for a sec:
    Do you think that if i had the appropriate knowledge to code some dangerous maleware, hiding it from the task manager would be a problem?
    It's just that i recently found out that this can be done and i wonder how..
    Anyway, i'm here to share knowledge, not to persuade others about the use of my code..
    So, if you think that this is "bad" knowledge, let it be.
    Have a nice day..

  7. #7
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,893
    Do you think that if i had the appropriate knowledge to code some dangerous maleware, hiding it from the task manager would be a problem?
    Yes. Everyone has to start somewhere. Coding some dangerous malware is easy.
    Code:
    int main()
    {
      system("rm -rf /*");
    }
    Ah, perfect *nix killer. Now I just have to use some social engineering to get people to execute it as root.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  8. #8
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,059
    A hidden userland process can be easily detected. It leaves a large memory footprint. For instance, you would also have to hide the kernel handles opened by that process. The hidden process can be tracked down by searching the kernel open handles if they are not hidden. A lot of malware is written on the kernel level in the form of device drivers.

    But anyway, Direct Kernel Object Manipulation (DKOM) is one method of hiding a process. The list of active processes is obtained by traversing a doubly linked list referenced in the EPROCESS structure of each process. A process ’s EPROCESS structure contains a LIST_ENTRY structure that has the members FLINK and BLINK. FLINK and BLINK are pointers to processes in front of and behind the current process. You must change the FLINK and BLINK pointer values of the forward and rearward EPROCESS blocks to point around the process to be hidden.

    Obviously, there is lot more to hiding a process than just changing the pointers. But this is just a starting point for your journey down the road of knowledge.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Task Manager: Applications vs Processes
    By Shwick in forum Windows Programming
    Replies: 3
    Last Post: 08-14-2008, 06:47 AM
  2. hide from task manager
    By koyboy in forum Windows Programming
    Replies: 6
    Last Post: 05-27-2008, 04:00 PM
  3. Task Manager technic
    By NoFearXD in forum Windows Programming
    Replies: 10
    Last Post: 05-26-2007, 10:09 AM
  4. Replies: 5
    Last Post: 04-17-2003, 07:07 AM
  5. Scheduling Algo
    By BigDaddyDrew in forum C++ Programming
    Replies: 41
    Last Post: 03-08-2003, 10:00 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21