Hiding processes

[VicTT]

Does anyone have a clue how to hide something from taskmgr???I don't want the user to be able to close it..well..I mean..Another solution could be possible..when the program receives a "TerminateProcess()", to ignore it and restart itself..or just ignore it..I don't know..I simply don't want my program killed by task manager..Does anyone have any ideas?

[Andre]

Hmm,

As far as i know that's not possible. if your user has administrative rights on his computer he can close all the processes in the taskmanager.

One workaround. Name your script as an windows program like svchost.....

Andre

[VicTT]

Isn't there a way I could trap messages sent to the script?..Why hasn't anyone thought of this?There are some processes that cannot be terminated using taskmgr..anyone else got a suggestion?Also, malware(trojans, worms, etc) seem to be able to hide themselves pretty well from taskmgr, else everyone would take them down through a simple ctrl+alt+del..I'm sure there's a catch to all this..

[Andre]

Hi,

Try this :

While 1
    Sleep(100)
    If ProcessExists('taskmgr.exe') Then ProcessClose('taskmgr.exe')

WEnd

Andre

Edit : Be aware of what u want might look strange too some people.

Could look if your'e trying to make some "bad" programs...

Edited May 21, 2005 by Andre

[VicTT]

Nope..tried that already..ctrl+alt+del gets called through an API Function....Even when Input is blocked, one can call ctrl+alt+del..It also seems to pause the script..

EDIT: You're right..Lemme see if everything's well in my script..

Edited May 21, 2005 by VicTT

[TuMbLeWeEd]

Looks you can do 2 things i can think off with that sort of behauvior in you app:

1)You want to make an app that comes close to a virus or tojan, i can tell you a few things but i wont

There was a post this today from some AV soft that assumed the AutoIt EXE's were some kind of trojan.

Now if maybe some asshole made some kind off trojan with AutoIt and the result can be that the EXE's made with AutoIt become trojan reportings (it has +- the same bin file in it always)

Now i wont like it if my none harmfull EXE's become trojan reported in AV soft.

2)If you want to pull a prank on a friend, no bad feelings did that to , just dont make it to hard on him to stop it (or yourself i my case then, had to re-install his pc to get rid of it. so basicly i fooled myself)

Be inventive and make sure no one else gets it.

Smal Hint: EDIT, To late

Edited May 21, 2005 by TuMbLeWeEd

[VicTT]

Nope..doesn't work in my case..It doesn't need to stop taskmgr from starting completely..it just needs to hide itself, or refuse termination....And even though ctrl+alt+del doesn't spawn taskmgr, it still enables input..and that's a bad thing..the script is supposed to do its work, and block input as well..other ideas?

[MHz]

Nope..doesn't work in my case..It doesn't need to stop taskmgr from starting completely..it just needs to hide itself, or refuse termination....And even though ctrl+alt+del doesn't spawn taskmgr, it still enables input..and that's a bad thing..the script is supposed to do its work, and block input as well..other ideas?

<{POST_SNAPBACK}>

Hmm...

If $DisHonest_Program Then
; Fine to hide.
    HideIcon()
; Insane to do.
    HideProcess()
; Resist termination, also insane.
    BlockShutdown()
; Above functions equals this.
    Virus()
Else
; Normal for every process.
    Normal()
EndIf

What ever reasons you have, are not acceptable, for doing this. Only thing that may do this is a virus!!!

Could I be wrong? I do not think so.

[layer]

Theres such a simple solution to this, but I would never tell any asshole trying to create something like a virus.

[VicTT]

Of course..I might also be trying to build a device to take over the world..What if I was trying to build a virus?Then what?No one complained when someone was trying to build a keylogger..that's not ethical either..and may cause the same amount of damage as a trojan for example..or a virus..or anything..So please..If I were to see such a post, regardless of what I THOUGHT the author was trying to do, I would help him..Now the easiest thing to do is to say "You are building a virus, I will not help you" rather than attempt to help me..The truth is that either you don't know HOW to do such a thing..and therefore it's easier to say "Insane to do something like that" than to even try..so I'm simply assuming you're too moral to help me..or too lazy to start..either way, ethics are not in question here..this is a SUPPORT forum and if I wanted to build an app that low-level formats the HDD, you wouldn't know if I'd use it on my computer or on 1000 others..so please..comments like this are the well-known weapon of people that talk alot and do nothing.."Could I be wrong?"..I hope so

[VicTT]

Course you wouldn't..You don't even know me and you call me an asshole..You don't know wot I'm doing with it, or even if it is a virus..I'll probably figure it out eventually..Just hoping/wondering that the ones that were supposed to help out, would do so..Flame me all you like..just do it in an intelligent manner, or your lines are of no interest to me..eat all your asshole lines coz they're not wanted here

[TuMbLeWeEd]

Those keylogger funcs have solved some probs we had, look at the snake game!

And it is as a pure keylogger not very usable, your cpu usage gets to 50% or more when you try to log every key possebly pressed and all your apps are responding slow!

A keylogger alone is no virus, can be to watch your kids

The fuctionality you are talking about has no other use then then to create some virus or trojan

As we all like the AutoIt tool, we don't want the EXE's virus or trojan hits in AV soft

EDIT:

We dont say you are trying to make a virus, this is a public forum.

Everybody can read it, and we dont want to provide idea's to do somthing like that

Maybe, try to explain why you want that sort of thing and MAYBE somebody will PM you for help

EDIT 2:

NOBODY CALLED YOU AN ASSHOLE, the fact that you feel affended is maybe that the comment maybe replyd to you

Edited May 21, 2005 by TuMbLeWeEd

[MarkMarkMark]

Mmm... why think he would make a virus... hiding a process in the taskmanager would be good for some networks...

Case your a network administrator for a school or something....

You build a au3 script for example remote control.... then you dont want your students to terminate the progress simply by removing it from the taskmanager...

[TuMbLeWeEd]

Case your a network administrator for a school or something....

Then you should ask for that, no?

This topic has not made it better

Don't expect public help on a topic like that, the reasons you give are ok

The question he asked is to much trojan related, i think you know you will formulate the same thing in another context

If he want's to learn, he will have to be inventive and think logical and he will find the solution.

If i_shit_in_my_pants() then
   If wash() and change_pants() then
        be_happy_i_have_soap_and_fresh_pants()
   Else 
        If open_window() then
             be_happy_the_smell_is_gone()
             bye_soap()
             wash_pants_on_time()
        Else
             hope_my_sinusses_are_blocked()
             fix_window()
             bye_soap()
             wash_pants_on_time()
    Endif
    Prevent_from_happening_again()
Else
    Continue_happy()
Endif

Real Logic explained:

I'm make this point because some virus code can be found on the net and some asshole finds it ,just makes adjustments and hollee W32/Asshole.B!Trojan is born

[zeroZshadow]

lol, why don't u just use the control hide, to make the buttons be gone

(that trick is REALLY nice btw, just hide the tab with the processes)

*devilish good*

see ya

[VicTT]

<cite>

The question he asked is to much trojan related, i think you know you will formulate the same thing in another context

If he want's to learn, he will have to be inventive and think logical and he will find the solution.

</cite>

...No comment..A keylogger can be used to spy on your kids as can be a trojan..so that's a false argument..I'm going to try and figure the best way to do this myself...If anyone wants to help me, he can PM me..and I'd appreciate any help you can give me..

<cite>

The fuctionality you are talking about has no other use then then to create some virus or trojan

</cite>

Just one "then"..and it could be a remote administration tool..it could be a packet logger..or just a logging tool..How did you conclude it's malware?

1. It doesn't want to be close(most sys processes&drivers&etc. don't want to be..ANY program dreams of being exec'd and of taking up valuable CPU cycles)

2. It doesn't want to be seen..that applies to anything that needs to do its job SILENTLY and WITHOUT USER INPUT..I can think up dozens of examples..but I think you got my point..So if anyone wishes to enlighten me on how to hide a process, he can do so by PM-ing me..And one more thing..Security by obscurity DOESN'T WORK!!!(my fav. one-liner)..W32/Asshole.B!Trojan will soon become a reality if you keep it on the forbidden subjects list..some REAL asshole will actually build it and prove you right..

[quick_sliver007]

I don't think you can hide a process, but you can make a laucher for if someone closes the program. Just like those hard to close adware programs have. If you close Exe # 1 then Exe #2 reopens exe #1 and if you close Exe # 2 then Exe #1 reopens it.

If you make a virus with this then I hope you get caught.

Edited May 21, 2005 by quick_sliver007

[GrungeRocker]

Opt("WinTitleMatchMode", 4)
$loop = 0
do
sleep(15);;don't use the cpu too hard
If WinExists("classname=#32770") Then
    winsetstate("classname=#32770", "", @SW_DISABLE)
sleep(15);;don't use the cpu too hard
EndIf
until $loop = 1

hehe have fun

Edited May 21, 2005 by Analritter

[BigWinston]

Hi,

I have no intention of making a virus or trojan of any kind. I have developed a bot to be used on partypoker to do some basic statistical analysis, but I fail the party poker validation check, I assume because it detects an autoit script. Now how can I hide it so that doesn't happen?

Ben

[LxP]

Welcome to the forums Ben.

Your best bet is to try setting a new title for your script using AutoItWinSetTitle(). If that fails then you are most likely out of luck since AutoIt may be detected by its class name (which cannot be changed via your code).