Hiding Processes

				




[Introduction]


      
	Normally I don't write tutorials or submit code. I'm no Jerome ;p But trying to find good resources for *truely* hiding programs from windows was such a task for me that I figured I would share what knowledge I've found. If you are interested in hiding your program from windows and the task list or just curious about the different ways you can do so, then this file is for you!




[Hiding From Task Manager 
#1]
 


      
	The main way that everyone is telling you to do this is using code like this:



 const

 RSPSIMPLESERVICE = 1;

 RSPUNREGISTERSERVICE = 0;

 function RegisterServiceProcess (dwProcessID, dwType: DWord) : DWord;

 stdcall; external 'KERNEL32.DLL';



RegisterServiceProcess(GetCurrentProcessID, 
RSPSIMPLESERVICE);
      

	Simple enough, right? It seems so. Unfortunately when you try using this code under any OS except for a 9x machine, it will crash the entire program. It crashed mine even before I ever called the function! When I found this out I was frustrated because I wanted my bot to work universally on all OS's. Because of this, I finally found a way to make it work and wrote universally compatible code. If your code is meant only for Windows 9x machines, then there would be nothing wrong with using the previous code. If not, read on..




[Get Operating System]
 


      In order to make the code that 
follows work, we must have a variable that will find the operating system. To do 
this, I have found (and slightly modified) the following code:
	



 var

// Global OS vars

VersionInfo: TOSVersionInfo;

Platform: string;

MajorVersion,MinorVersion,Build: DWORD;



 procedure GetOSVersion;

 begin

VersionInfo.dwOSVersionInfoSize := SizeOf(VersionInfo);

GetVersionEx(VersionInfo);



with VersionInfo do

begin

case dwPlatformId of

VER_PLATFORM_WIN32s: Platform := '3.1';

VER_PLATFORM_WIN32_WINDOWS : Platform := '98';

VER_PLATFORM_WIN32_NT:

begin

 Case dwMajorVersion of

 5 : Platform := '2000/NT';

 else

 Platform :=
'NT';

 end;

 if
 dwBuildNumber > = 2500 then Platform := 'XP'

end;

end;



MajorVersion := dwMajorVersion;

MinorVersion := dwMinorVersion;

Build := dwBuildNumber;

end;

 end;
 





[Hiding From Task Manager #2]


      
	Now that we have a function to check the OS version we can add my universally compatible code to hide from 9x machines. First we need to add the type TReg before your implementation:



 type

TReg =
function (dwProcessID, dwType: DWord) : DWord;


      Now for the 
code. In this example we will assume that the following code is put in a form's 
FormCreate event. Because that's most likely where you will want to put 
it:
	



 var

RegisterServiceProcess: TReg;

 begin



 // Determine the operating system

 GetOsVersion;



 // Check to see if OS is 9x

 if Platform = '98' then begin

Handle :=
LoadLibrary('KERNEL32.DLL');

if
Handle <> 0 then begin

@RegisterServiceProcess := GetProcAddress(Handle, 'RegisterServiceProcess');

if
@RegisterServiceProcess <> nil then

 RegisterServiceProcess(GetCurrentProcessID, RSPSIMPLESERVICE);

end;

FreeLibrary(Handle);

 end;

 end;
 




[Hiding From 
NT]
 


      
	This is a difficult task. NT boxes are not easily tricked. There is only one simple way that I've found to do this, and I believe it only works on NT 4.0. Go to your Project unit (IE. Project1) And find where it initializes and sets the application title. Replace it with this code:



 Application.Initialize;

 Application.Title:=
 '';


      

	The version of NT that this works with (NT 4.0?) will not show your process in the manager because it displays processes by their titles, and your program is now running without one!




[Hiding from taskbar & windows] 


      
	The following is just a little piece of code I wrote to ensure that my form is unseen. It is commented so I will not explain it here:



 procedure HideMe();

 begin

// Make sure the form is out of sight

form1.Left := 99999;

form1.Top := 99999;



// Make form dissapear

form1.Visible := false;

Application.Minimize;



// Hide window entirely (dissapears from task bar!) 

ShowWindow(Application.Handle, SW_HIDE);

SetWindowLong(Application.Handle, GWL_EXSTYLE,

GetWindowLong(Application.Handle, GWL_EXSTYLE)

or WS_EX_TOOLWINDOW );

 end;
 




[Note]

      
	Some code used in this tutorial was based on other's code. Thanks to those who wrote the original code.


[Conclusion]



      
Hopefully 
some of this has been helpful. I have no good HTML editor on this computer so 
this isn't a nice flashy tutorial. Good luck in your programming! I always am 
interested in hearing about new methods and techniques, so if you would like to 
share some feel free to drop me a line. Also, if you have a question with 
anything here or something else let me know and I'll do my best to help. Happy 
c0d1ng!
 
 

	;)


-NaHeMiA-