Click to See Complete Forum and Search --> : Hide TaskName from Win NT Task Manager.
Prabhash Mandal
Nov 13th, 2000, 11:18 PM
Hi,
If any body know how to hide the application name/Taskname/Processname from Task manager(Ctrl+ Alt+ DEl) in Win NT client Server machine. I am able to do same thing in Windows 9X but not in WinNt. Tell me the API name at least.
Thx & Regds.
Pcm
Stevie-O
Nov 20th, 2000, 10:23 AM
It's not possible. The Win9x "Task Manager" is a joke, and is easy to fool. However, the WinNT (and Win2K; Win2K = WinNT 5.0) Task Manager sees all and cannot be fooled.
noble
Nov 28th, 2000, 04:46 PM
Unfortunately, both the WinNT tasklist and the process list can be fooled. You CAN have a program or a process running and hide it from both the tasklist and the process list. There are the totally obvious ways to fool the task list so I won't discuss them. The process list is trickier, however. All of the information for the process list is gathered from a key in your system registry. This key is constantly being accessed. There is a HOOK which you can use to monitor activity to and from that key. Therefore, it is not impossible to fool the process list, it is just very complicated. There is also another way which you can achieve the same "trick" by cloning an API.
Also, a totally obvious way to fool the process list is to have a *.dll piggyback an existing *.exe or to use a totally inoculous name for a process........such as winlogon.exe. The average person will see this and think it is totaly harmless.
As mentioned earlier, the monitoring of the registry key can not be accomplished through VB to my knowledge.
If you interested in witnessing the previously mentioned registry key to see how the process list works, go to.....
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
enjoy! :)
SmackAttack
Nov 28th, 2000, 05:43 PM
Consider running your program as a service under NT/2000 if you want to prevent people from disabling it in Task Manager. Yes, you CAN create services with VB...there's a little-known OCX from Microsoft that allows you to do this...it is easily the coolest OCX ever written :) But it's not officially supported by MS so use at your own risk. I have tried it and it seems to work fine, however.
Find out more about it here:
http://msdn.microsoft.com/library/techart/msdn_ntsrvocx.htm
Get the OCX here:
http://www.vbwire.com/advanced/howto/ntsrvocx.zip
vbforums.com
Copyright Internet.com Inc., All Rights Reserved.