Hiding system users/sessions/processes

Posted by: psychogen

Hiding system users/sessions/processes - 02/14/03 11:27 AM

Hmm just wondering,

SR I remember you were working on API calls to hide certain system processes from the task manager such as processes, strange enough.

I am wondering if that project ever worked out right?

And how you would go about hiding users from .net platformed task managers.

Dah...

I am looking into the whole deal but as usual time costs and I would rather get info from someone who has made the research before hand.

<>
Posted by: SilentRage

Re: Hiding system users/sessions/processes - 02/14/03 05:20 PM

Let's see... VB forum? Hiding visual basic programs? good luck! There's a simple API that can hide you from the Win9x tasklist. And there's a simple VB method that can hide you from the nt/2k task list. However the process list under 2k will of course list your application.

There are certain clever hacks that can be done to hide from even the process list tasklist, however these hacks can't be done from VB I don't think.
Posted by: ninjaneo

Re: Hiding system users/sessions/processes - 02/15/03 06:11 PM

heh but you can make your App Un-Killable from the Task manager... by Setting its Thread thing to System.. and also you can name it certain things.. If either of those intrest you say so and Ill post the code
Posted by: Paragon

Re: Hiding system users/sessions/processes - 02/15/03 06:47 PM

Naming it certain things? Like what?
Posted by: Gremelin

Re: Hiding system users/sessions/processes - 02/15/03 07:10 PM

taskmans.exe lol...
Posted by: SilentRage

Re: Hiding system users/sessions/processes - 02/15/03 07:22 PM

yeah, it's really obvious. the name of your executeable being the name of the process.

the code to set your program/thread to system would be interesting.
Posted by: Paragon

Re: Hiding system users/sessions/processes - 02/15/03 07:23 PM

Hmm, I wonder if you can use ADS to have a program run apparently as another that can't be killed and have it inherit that property... and possibly others... Like kernel32.dll:[null] or something...