Thread: hiding process from task manager

  1. #1
    Just a Human Anuradh_a's Avatar
    Join Date
    Jan 2008
    Posts
    50

    hiding process from task manager

    Hi,
    is it possible to hide a programme from the Windows Task Manager?
    Thanks

  2. #2
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    There are a lot of bad reasons for wanting to do this, and not many good reasons.
    What exactly are you trying to hide and why?
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  3. #3
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,195
    We get requests for this about every 3 months or so, and always from someone with <100 posts (coincidence?). Mostly we assume it is by script kiddies that want to hide their pet malware from the application monitor on the school computer.

    There is no legitimate reason to explicitly add this feature to a program.

    Unless you can show a compelling reason why you need to do this, I don't think most people on this board will help you.

  4. #4
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    I know how. <sing>Neener neener neener</sing>. And I might tell you if it weren't for the fact that it's actually very easy, meaning if you can't figure out how to do it yourself, then you also don't know how to make software that needs to do that. (excluding spyware of course. )

    P.S. I accept personal checks.
    Last edited by Yarin; 01-30-2008 at 05:51 PM.

  5. #5
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,058
    Task manager is made up of EPROCESS blocks which is essentially a linked list with a List Entry structure. If you understand linked lists, you'll understand the method used to hide a process.

    A process hidden by this method will still continue to run because scheduling in Windows is thread based not process based. But the kernel reports what's running on the system by using the EPROCESS blocks which can be modified without affecting the system.

  6. #6
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Since when were we going to reveal how without knowing the legality of the question involved?
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  7. #7
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,058
    Quote Originally Posted by Elysia View Post
    Since when were we going to reveal how without knowing the legality of the question involved?
    There is absolutely no reason to post any code to illustrate this "hiding process" method since its primary purpose is to infiltrate systems.

    Explaining the concepts of "hiding a process" and actually writing the code are two entirely different things. Writing the actual code is easier said than done.

    Also, this "hiding process" topic is commonly discussed at computer security seminars. So, it's not exactly "hush hush" top secret info. It's really common knowledge.

  8. #8
    Just a Human Anuradh_a's Avatar
    Join Date
    Jan 2008
    Posts
    50
    Hi,
    I just want to create a programme that protects my personal files from others. I have studied most similar kinds of programmes. But the problem is that Task Manager shows their processes. I don't have a clue how to do this. That's why I asked you people for help. Hope I'm not breaking the rules, and sorry for my bad English.
    Thank you all

  9. #9
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    You should be hiding the files, not hiding the processes.

  10. #10
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Or even better, hide the computer. No one will think to look under the bed.

  11. #11
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    If you are just wanting to protect your running process, you could place an event hook, and check to see if the task manager is the one getting focus; if so, stop it from happening. I wouldn't do it that way, but it works.

    To hide your files you should hook the FindNextFile() api, which is very difficult.
    In the end, I advise encrypting your files rather than hiding them. It's not too difficult to make your own encryption method that your buds won't crack.

  12. #12
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Hiding files can easily be done via a shell extension to explorer.
    Much easier, but not 100% foolproof.

  13. #13
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    Quote Originally Posted by Yarin View Post
    To hide your files you should hook the FindNextFile() api, which is very difficult.
    Did you say difficult?
    Try DKOM then.

    Seriously, encrypting is the only fool-proof way to do it. Even kernel manipulation wouldn't help a tiny bit because I walk around with a Linux livecd in my pocket.
    Last edited by maxorator; 02-01-2008 at 02:35 PM.
    "The Internet treats censorship as damage and routes around it." - John Gilmore

  14. #14
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by Yarin View Post
    It's not to difficult to make your own encryption method that your buds won't crack.
    Better yet, use someone else's well-known encryption, such as PGP disks, which allows you to just set a password, and the content is protected unless someone figures out your password. Even encrypted zip files are fairly safe - it obviously depends on whether you need protection from "evil friends" or "the FBI or KGB" - the latter may require a bit more work than the former, and encrypted zip files may not be quite as much help.

    As Maxorator says, for someone with physical access to your machine, any software in your machine that attempts to prevent something will be easily circumvented by either booting another OS or disconnecting the hard-disk and using a "fresh OS".

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  15. #15
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,195
    Quote Originally Posted by matsp View Post
    and encrypted zip-files may not be quite as much help.
    zip 'encryption' is so laughably insecure that it may as well be plaintext.

    If you need to prevent access to data by people that have physical access to the machine, then you must use hardware security. There are hardware devices on the market that will encrypt your entire file system using AES256 in real time. You simply insert your personal key into the machine and remove it when you are finished. Without that key inserted, there is no reasonable way for the average person to gain access to your data. The NSA on the other hand can crack AES256 as it is an inherently crackable system. You don't have to worry about anyone but them though, and if you need to worry about the NSA, then you really shouldn't be letting people have physical access to your machine.
    Last edited by abachler; 02-03-2008 at 02:42 AM.
