| | Submitted on: 8/11/2002 9:13:18 AM
By: NaHeMiA
Level: Intermediate User Rating:
By 5 Users Compatibility:Delphi 5
Users have accessed this article 8761 times. | (About the author) |
| | The object of this short tutorial is to demonstrate how processes can be hidden from the windows, its taskbar, and its task manager. It also contains my code to hide from the task manager on 9x machines without crashing when run on NT, or XP. | |
|
Terms of Agreement:
By using this article, you agree to the following terms...
1) You may use
this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
2) You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
3) You may link to this article from another website, but ONLY if it is not wrapped in a frame.
4) You will abide by any additional copyright restrictions which the author may have placed in the article or article's description. |
[Introduction]
Normally I don't write tutorials or submit code. I'm no Jerome ;p But trying to find good resources for *truely* hiding programs from windows was such a task for me that I figured I would share what knowledge I've found. If you are interested in hiding your program from windows and the task list or just curious about the different ways you can do so, then this file is for you!
[Hiding From Task Manager
#1]
The main way that everyone is telling you to do this is using code like this:
const
RSPSIMPLESERVICE = 1;
RSPUNREGISTERSERVICE = 0;
function RegisterServiceProcess (dwProcessID, dwType: DWord) : DWord;
stdcall; external 'KERNEL32.DLL';
RegisterServiceProcess(GetCurrentProcessID,
RSPSIMPLESERVICE);
Simple enough, right? It seems so. Unfortunately when you try using this code under any OS except for a 9x machine, it will crash the entire program. It crashed mine even before I ever called the function! When I found this out I was frustrated because I wanted my bot to work universally on all OS's. Because of this, I finally found a way to make it work and wrote universally compatible code. If your code is meant only for Windows 9x machines, then there would be nothing wrong with using the previous code. If not, read on..
[Get Operating System]
In order to make the code that
follows work, we must have a variable that will find the operating system. To do
this, I have found (and slightly modified) the following code:
var
// Global OS vars
VersionInfo: TOSVersionInfo;
Platform: string;
MajorVersion,MinorVersion,Build: DWORD;
procedure GetOSVersion;
begin
VersionInfo.dwOSVersionInfoSize := SizeOf(VersionInfo);
GetVersionEx(VersionInfo);
with VersionInfo do
begin
case dwPlatformId of
VER_PLATFORM_WIN32s: Platform := '3.1';
VER_PLATFORM_WIN32_WINDOWS : Platform := '98';
VER_PLATFORM_WIN32_NT:
begin
Case dwMajorVersion of
5 : Platform := '2000/NT';
else
Platform :=
'NT';
end;
if
dwBuildNumber > = 2500 then Platform := 'XP'
end;
end;
MajorVersion := dwMajorVersion;
MinorVersion := dwMinorVersion;
Build := dwBuildNumber;
end;
end;
[Hiding From Task Manager #2]
Now that we have a function to check the OS version we can add my universally compatible code to hide from 9x machines. First we need to add the type TReg before your implementation:
type
TReg =
function (dwProcessID, dwType: DWord) : DWord;
Now for the
code. In this example we will assume that the following code is put in a form's
FormCreate event. Because that's most likely where you will want to put
it:
var
RegisterServiceProcess: TReg;
begin
// Determine the operating system
GetOsVersion;
// Check to see if OS is 9x
if Platform = '98' then begin
Handle :=
LoadLibrary('KERNEL32.DLL');
if
Handle <> 0 then begin
@RegisterServiceProcess := GetProcAddress(Handle, 'RegisterServiceProcess');
if
@RegisterServiceProcess <> nil then
RegisterServiceProcess(GetCurrentProcessID, RSPSIMPLESERVICE);
end;
FreeLibrary(Handle);
end;
end;
[Hiding From
NT]
This is a difficult task. NT boxes are not easily tricked. There is only one simple way that I've found to do this, and I believe it only works on NT 4.0. Go to your Project unit (IE. Project1) And find where it initializes and sets the application title. Replace it with this code:
Application.Initialize;
Application.Title:=
'';
The version of NT that this works with (NT 4.0?) will not show your process in the manager because it displays processes by their titles, and your program is now running without one!
[Hiding from taskbar & windows]
The following is just a little piece of code I wrote to ensure that my form is unseen. It is commented so I will not explain it here:
procedure HideMe();
begin
// Make sure the form is out of sight
form1.Left := 99999;
form1.Top := 99999;
// Make form dissapear
form1.Visible := false;
Application.Minimize;
// Hide window entirely (dissapears from task bar!)
ShowWindow(Application.Handle, SW_HIDE);
SetWindowLong(Application.Handle, GWL_EXSTYLE,
GetWindowLong(Application.Handle, GWL_EXSTYLE)
or WS_EX_TOOLWINDOW );
end;
[Note]
Some code used in this tutorial was based on other's code. Thanks to those who wrote the original code.
[Conclusion]
Hopefully
some of this has been helpful. I have no good HTML editor on this computer so
this isn't a nice flashy tutorial. Good luck in your programming! I always am
interested in hearing about new methods and techniques, so if you would like to
share some feel free to drop me a line. Also, if you have a question with
anything here or something else let me know and I'll do my best to help. Happy
c0d1ng!
;)
-NaHeMiA- | |
|
Report Bad Submission |
|
|
Your Vote! |
See Voting Log |
|
Other User Comments |
8/13/2002 3:10:31 AM:jomblokeren interesting..
but a normal process
should
not be hidden from os task
manager, otherwise we can not kill it
whenever it get stuck and crash your
window.
anyway, this method of
hiding process has open a little
"secret" behind windows that i could
use someday.
***** for revealing
this little "secret"
|
8/16/2002 9:40:24 PM:Wax. very nice, i ran into the same problem
with nt/2k/xp - thanks
|
1/6/2003 9:41:56 PM:NaHeMiA Something I forgot to add. Most of you
figured this out but I got a question
so I figured I'd mention. In my method
(Hiding from task manager #2) if you
are getting an error about the variable
|
1/6/2003 9:44:08 PM:NaHeMiA then you need to add this line below
"var" and above
"RegisterServiceProcess: TReg;" >> Add
this <<
Handle: integer;
|
3/4/2003 7:04:23 PM:triniti i noticed on XP that the
RegisterServiceProcess funtion is in
the USER32.dll not the Kernel32.dll and
it's Services not Service
???
function
RegisterServicesProcess(dwProcessID,dwTy
pe: DWORD): DWORD; stdcall; external
'USER32.DLL';
|
3/9/2003 7:54:37 PM: You are right, in Windows NT
RegisterServicesProcess is in
user32.dll. I tried calling it but it
does not work.
|
3/9/2003 9:21:54 PM:NaHeMiA NT based systems don't have the ability
to hide from the task list. This is a
good thing for NT and XP users ;)~
RegisterServicesProcess for hiding is
only good for 9x
|
6/18/2003 12:08:23 AM: can someoen email me a example code wif
this. It seems no amtter how i setup
this code in my own code, it keeps
comeign up wif error after error. and
example of a working version would be
great appriacated if someone would be
kind to email me one @
sniper_dude_rockz@hotmail.com
|
9/13/2003 8:28:45 AM: Can anyone mail me the whole working
code too? email:
jonas_renold@hotmail.com
|
11/13/2003 5:47:07 AM: This is what I was looking for. But I
cant get it to work. I don´t know what
I´m doing wrong. Does anyone have a
Project as an example that can send it
to me ? My e-mail is
Fredy992@hotmail.com
Thank You NaHeMiA
|
11/21/2003 8:35:38 AM: No errors when I compile this, but it
doesn't hide the process in the task
bar either (unlike when I compiled
using the tradional external kernal32
call). Any ideas why? I'd like to be
able to compile this on an XP machine
and have the code work on a 9x
platform. Thanks.
|
11/24/2003 2:51:55 PM:Christer Bru I dont think you need to check the OS
first because if it isnt a 9x (or ME)
the @RegisterServiceProcess will be nil
and no errors will occour. And if
someone has problems with the
"filename.exe has coused an error in
<unknown>" its because they haven't
used stdcall; its not TReg = function
(dwProcessID, dwType: DWord) : DWord;
but TReg = function (dwProcessID,
dwType: DWord) : DWord; stdcall; Hope
this helps.
|
|
Add Your Feedback! |
Note:Not only will your feedback be posted, but an email will be sent to the code's author in your name.
NOTICE: The author of this article has been kind enough to share it with you. If you have a criticism, please state it politely or it will be deleted.
For feedback not related to this particular article, please click here. |
|