So let's take a look at the standard processes. We hide the process in the Windows Task Manager.

Programs that are active on the computer can always be viewed by opening the "Task Manager". However, sometimes it may happen that you need to make the execution of a program invisible. If you also have such a desire, you will probably start looking for an answer to the question of how to hide a process in the Windows Task Manager.

Learn how to hide the Windows Task Manager process

Of course, running some programs anonymously lets you track those who excessively clutter the personal computer. This is especially important when multiple users have access to the PC.

The desire to hide a process also arises among those who install their own program and want to prevent advanced users from revealing its presence by simple means.

Any execution of a program is a process that needs a certain amount of RAM. Processes are subdivided into:

  • systemic;
  • anonymous;
  • custom;
  • Internet related.

Those who lack practical experience and the necessary technical knowledge are advised not to interfere with system processes, since such ill-considered interference can have extremely undesirable consequences. One of these consequences may be that the operating system fails to start the next time.


You can learn how to hide any custom program without huge effort; just read our recommendations carefully. Note that even an advanced engineer who is not aware of your "creative deeds" will not easily notice the "left" process.

Algorithm of actions

If you need to hide a software application, first figure out whether it is simple or whether it launches additional processes that can give it away no matter how you try to hide the program.

If your program really is simple and appears in the Task Manager as a single line, we suggest the simplest way to hide the process: just rename it.

So, we will help you figure out how to rename the process in the Task Manager so that the program continues to function perfectly in anonymous mode.

Step 1

First, go to the folder where the executable file of the program is located. If you know where it is, take your usual "route": open the "Computer" window, go to the system drive C, and then to its root folder.

If you don't know where the executable file is hiding, it doesn't matter: find the process in the list displayed in the Task Manager, right-click on it, and select "Open file location" in the menu that opens.


Step 2

After these actions, the folder you are looking for will open, and it remains to find the executable file in it. Searching will be easy, since this file has exactly the same name as in the list of processes in the Task Manager. In addition, this file has an "exe" extension.

Step 3

To rename the file, right-click on it again and select "Rename". Once you have assigned a new name to your software application, open the "Task Manager" and check that the new name is displayed there as well.


Of course, how well your program is "veiled" from other PC users depends on the name you come up with. An unfamiliar process with a new name will arouse suspicion even faster and force the technical engineer to figure out what kind of program is running on the PC.

For this reason, many experienced users recommend coming up with names that at first glance do not raise any suspicion.

In particular, an open Chrome browser spawns multiple processes at the same time, just as Windows does. It is advisable to take the same process name, but since the system will not allow two processes of the same name to function at the same time, it is recommended to apply a little trick when renaming: replace some of the English letters in the name with Russian ones, as if by accident. Outwardly, Russian letters cannot be distinguished from English ones, but the system distinguishes them and therefore allows programs with nominally the same names to work.

Outcomes

So, as you can see, making a software application anonymous can be done without much difficulty. Of course, there are more advanced methods that hide a process more reliably, but they rely on writing complex code and on programming skills. If you do not set yourself such complicated goals, then hiding running software applications by renaming is a perfectly acceptable option.

There are situations when you need to install and use a program in secret from another person who understands computers and often glances at the processes in the task manager when the device freezes or is unstable. Sometimes you need to monitor the computer so that it is not cluttered with unnecessary files. In other cases, it is required to trace a person. There can be many reasons; everyone has their own.

What are processes?

A process is a program that runs on a computer and occupies a specific location in random access memory.

Processes are divided into:

Systemic (programs and utilities that are components of the operating system; an emergency termination of any of them can lead to negative consequences, such as a crash in Windows).

Anonymous (extremely rare; these are program files launched as auxiliary ones as a result of user actions, without asking for permission to run).

Network / Local (processes in the task manager associated with the local area network, the Internet, and the registry; these are essential programs and components of Windows).

Custom (programs that are launched by the user).

Is it possible to define a "left" process?

It is not always possible to identify a "left" process. If the person who created it disguised it completely, even an experienced computer engineer is unlikely to find it without a hint of its existence and a detailed study of the behavior of each process.

However, a person who is sure that an extra program is running on the computer, and a badly disguised one at that, will be able to find it in a matter of minutes.

How do I hide a process in the task manager?

The easiest way to hide the process is to rename the main executable file. But it is worth considering how the program works and whether it creates additional processes that give it away.

If there are no extra processes, then you can proceed:

1. Open the folder with the executable file. This can be done in several ways: if you know where the file is located, go to its folder, or right-click the process and select "Open file location".

2. In the folder, find the executable file; its name must match the name of the process in the manager.

3. Rename the file so that the name change is difficult to spot. You can rename it through the context-menu item of the same name. The file extension must remain executable (.exe).

4. Go to the task manager and look at the process that you yourself changed.

Everything went fine, but the process is visible and should be masked so that no one would guess about its real purpose? To do this, it is worth considering a few nuances that can allow you to hide the process in the task manager without any help.

The process should resemble a program that creates many copies of itself and is always running. A clear example is any browser on the Chrome engine, or a permanently running Windows program that will not arouse suspicion.

Names can be changed by switching between Russian and English letters, for example, replacing English letters with Russian ones and correcting foreign letters: a, b, d, e.
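
An added example, not part of the original article: one way a defender can flag the look-alike renaming described here and in the earlier Chrome passage, by folding Cyrillic letters that resemble Latin ones and checking for mixed scripts. The name list and the letter map are assumptions of this example, and the sample names are constructed.

```python
import unicodedata

# Names worth protecting against imitation (assumed list; extend per environment).
KNOWN_NAMES = {"chrome.exe", "svchost.exe", "explorer.exe"}

# Cyrillic letters that render like Latin ones (partial map, assumed for this example).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0501": "d",
}

def scripts(text):
    """Return the scripts (LATIN, CYRILLIC, ...) of the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in text if ch.isalpha()}

def skeleton(name):
    """Lower-case the name and fold look-alike Cyrillic letters to Latin."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in name.lower())

def audit(process_names):
    """Return (name, reason) for names that imitate a known one or mix scripts."""
    findings = []
    for name in process_names:
        lowered, folded = name.lower(), skeleton(name)
        # Only the stem is checked for mixed scripts: a name written entirely in
        # Cyrillic with a Latin ".exe" extension is ordinary, not a disguise.
        stem = name.rsplit(".", 1)[0]
        if folded != lowered and folded in KNOWN_NAMES:
            odd = ", ".join(f"U+{ord(c):04X}" for c in lowered if c in CONFUSABLES)
            findings.append((name, f"look-alike of {folded} ({odd})"))
        elif len(scripts(stem)) > 1:
            findings.append((name, "mixed scripts: " + ", ".join(sorted(scripts(stem)))))
    return findings

# Constructed sample: two disguised names, one mixed-script name, two benign ones.
SAMPLE = [
    "chrome.exe",
    "chr\u043eme.exe",
    "SVCH\u041eST.EXE",
    "\u0431\u043b\u043e\u043a\u043d\u043e\u0442.exe",
    "upd\u0430ter.exe",
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(ascii(name), "->", reason)
```

The names can come from any process enumeration; comparing the executable's path and signer against the genuine program then settles a hit.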

In conclusion, it should be noted that you may need to rename a few more files that are "subprocesses" of the program.

We hope you figured out how to hide a process in Windows. Experiment, hide, learn.

By opening the "Task Manager", a Windows user can see the processes running in the system and close those that seem suspicious. To protect their programs from detection, the authors of Trojans and adware try by all possible means to hide their processes.

Instructions

To get the most out of Task Manager, you must configure it correctly. Open the utility (Ctrl + Alt + Del) and choose "View" - "Select Columns". Check the boxes: "Process ID", "CPU Load", "Memory - Usage", "USER Objects", "Username". You will not be able to see hidden processes, but more detailed information about the visible ones is also very useful. For example, many simple Trojans disguise themselves as the svchost.exe process. The original process is marked as SYSTEM in the Username column. The Trojan's process will have the Admin status, that is, it will be launched as an administrator.

Almost any well-written Trojan horse is now capable of hiding its presence from the Task Manager. Can it be found in this case? This is where special utilities that reveal hidden processes come to the rescue. AnVir Task Manager is a very convenient program that allows you to identify many dangerous programs. The program has a Russian interface and can be downloaded for free on the Internet.
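
An added example, not part of the original article: the account check described above, applied to the output of `tasklist /v /fo csv` instead of reading the Username column by eye. The sample rows are constructed; the watched image names and the two extra service accounts are assumptions of this example, and English column headers are assumed.

```python
import csv
import io

# Accounts the built-in service hosts run under. The article names SYSTEM; the two
# service accounts are added here because svchost.exe also runs under them.
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Image names expected to run only under those accounts (svchost.exe is the
# article's example; the others are assumptions of this example).
WATCHED = {"svchost.exe", "lsass.exe", "services.exe"}

# Constructed sample in the column layout of `tasklist /v /fo csv`.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","812","Services","0","9,140 K","Unknown","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"svchost.exe","1044","Services","0","7,312 K","Unknown","NT AUTHORITY\NETWORK SERVICE","0:00:01","N/A"
"svchost.exe","3916","Console","1","4,208 K","Running","DESKTOP-01\Admin","0:00:12","N/A"
"lsass.exe","640","Services","0","11,020 K","Unknown","N/A","0:00:05","N/A"
"notepad.exe","5020","Console","1","3,100 K","Running","DESKTOP-01\Admin","0:00:00","Untitled - Notepad"
'''

def audit(tasklist_csv):
    """Return (pid, image, user, verdict) for watched images not run by a service account."""
    findings = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image = row["Image Name"].lower()
        if image not in WATCHED:
            continue
        user = row["User Name"]
        account = user.rsplit("\\", 1)[-1].upper()  # drop the domain or machine prefix
        if account == "N/A":
            # Owner not readable without elevation: no verdict, rerun as administrator.
            findings.append((int(row["PID"]), image, user, "owner unknown"))
        elif account not in SERVICE_ACCOUNTS:
            # A lead, not a verdict: on Windows 10 and later, per-user services also
            # run in svchost.exe under the logged-on user, so check the image path too.
            findings.append((int(row["PID"]), image, user, "unexpected account"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The genuine svchost.exe is loaded from the Windows System32 folder, so the file location of each flagged PID is the next thing to check.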

The simple and easy-to-use Process Hacker program has very good capabilities for finding hidden processes. Using this utility, you can see the running processes, services and current network connections.

One of the best programs for finding hidden processes is Spyware Process Detector; its 14-day trial version can be downloaded from the link at the end of the article. The program has a wide range of search mechanisms for hidden processes, which sets it apart from many similar utilities.

A small utility called HijackThis can be a useful tool in the fight against Trojans. The utility is designed for fairly experienced users. You can see a guide on its use below, in the list of sources.

Often, anonymity and secrecy play a key role in the successful performance of any action, both in reality and in virtuality, in particular in operating systems. This article will discuss how to become anonymous on Windows OS. All information is provided for informational purposes only.

So, we will try to hide from the user's eyes in the Windows Task Manager. The method is extremely simple compared with those based on intercepting kernel (often undocumented) functions and creating our own drivers.

The essence of the method: search for the Task Manager window -> search in it for a child window (list) containing the names of all processes -> remove our process from the list.

As you can see, nothing is done to our process itself: it keeps working as before. Since an ordinary Windows user, as a rule, does not use any other tools to view the processes running on the computer, this plays into our hands. The process will not be detected in most cases.

What was used for the study:

1) Spy ++ from Microsoft (for exploring the hierarchy of Task Manager child windows)
2) OllyDBG to view the functions used by the dispatcher to get a snapshot of processes.
3) taskmng.exe itself (Task Manager)

To write the code, we will use the Delphi environment. Rather, Delphi will be more convenient in our case than C ++. But this is just my humble opinion.

Well, first of all, let's try to figure out what the process list is and how it works. At a glance it is clear that this is a regular window of the "SysListView32" class (list), which is refreshed at a rate of 2 frames per second (every 0.5 seconds). Let's look at the hierarchy of windows:

As you can see, the list of processes is, in fact, a regular window of the "SysListView32" class, which is a child of the "Processes" window (tab), which in turn is a child of the main window of the Task Manager. There are only two levels of nesting. In addition, the list has one child window of the "SysHeader32" class, which, as you might guess, is the header (field marker) for the process list.
Since this is a regular list, we have a whole set of macros at our disposal to control its contents. At first glance, their variety is amazing. But many of them work only from the parent process, that is, in order to use them we would need to make it appear that they are executed in the parent process. Not all of them have this restriction, though; in particular the ListView_DeleteItem macro, which deletes an item from the list box (class "SysListView32"), does not.
We will use it from our application's process. This function receives the index of the element to be removed as the second parameter.
Now we need to find out the index of the item that carries the label of the process to be hidden in the task manager. To do this, we need to pull out all the elements (labels with the names of processes) from the list of processes in the task manager and compare them one by one with the name of the process that we want to hide.

Using macros like ListView_GetItemText, our actions would be something like this:

1) Allocating a piece of memory in the task manager process (VirtualAllocEx)
2) Sending a message LVM_GETITEMTEXT (SendMessage) to the child window-list of the Task Manager
3) Writing to the allocated memory area of the Task Manager information about the list item (WriteProcessMemory)
4) Reading from the memory of the dispatcher the information that interests us about the process (ReadProcessMemory)

Using this method, you can easily "shoot yourself in the foot" when counting the byte offsets from the beginning of the various structures used in the code. This method will also be quite difficult for those who are not particularly deep into WinAPI, so we will put it aside right away. Besides, finding an implementation of this method on the Internet is not difficult. Instead, I suggest that you build your own list of processes and, navigating in it, look for the index of the coveted process in the Task Manager's list of processes.

Microsoft decided not to worry too much about the tool called "Task Manager" and used the usual WinAPI functions to get all the processes on the system. We take a quick look at taskmng.exe under the debugger:


We see the use of the WinAPI function CreateToolHelp32SnapShot.
Everyone knows that this function can be used to get a snapshot not only of processes but also, for example, of a process's threads or modules. But in this case that is unlikely. It is also unlikely that something like a process enumerator (EnumProcesses) is used here.
We settled on forming our own list of processes and looking for our process in it. To do this, we will use the function that we found in the debugger. If we open the Task Manager on the Processes tab, we will notice that all processes are sorted alphabetically for ease of search. Hence, we need to get a list of the names of all processes in the system and sort them alphabetically in ascending order. Let's start writing code in Delphi.

First, let's create a demo window application with two timers: the first will re-form the list with processes at the same frequency as the Windows Task Manager does (every two seconds); the second will fire 1000 times per second and will serve to track the update of the list of processes in the manager and, therefore, the appearance of our hidden process. We will also add a button to the form.

Code:

    var
      ind: integer;
      h: Thandle;
      last_c: integer;

    procedure UpdateList();
    var
      th: THandle;
      entry: PROCESSENTRY32;
      b: boolean;
      i, new_ind: integer;
      plist: TStringList;
    begin
      // Process list
      plist := TStringList.Create;

      // Form a list of processes
      th := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
      entry.dwSize := sizeof(PROCESSENTRY32);
      b := Process32First(th, entry);
      while (b) do
      begin
        plist.Add(entry.szExeFile);
        b := Process32Next(th, entry);
      end;

      // Sort it so that the item indices
      // match those in the task manager
      plist.Sort;
      last_c := plist.Count;

      // Find the index of our process "explorer.exe"
      for i := 1 to plist.Count-1 do
        if (LowerCase(plist[i]) = 'explorer.exe') then new_ind := i-1;

      // Remove an object from the list
      if (new_ind <> ind) then ListView_DeleteItem(h, ind);
      ind := new_ind;

      plist.Free;

      // Start the timer for tracking updates in the process list
      if (Form1.Timer2.Enabled = false) then Form1.Timer2.Enabled := true;
    end;

    procedure TForm1.HideProcessButton(Sender: TObject);
    begin
      // Looking for a child window of the "SysListView32" class
      h := FindWindow(nil, 'Windows Task Manager');
      h := FindWindowEx(h, 0, nil, 'Processes');
      h := FindWindowEx(h, 0, 'SysListView32', nil);

      // Start the timer for re-forming the list of processes
      Timer1.Enabled := true;
    end;

    procedure TForm1.Timer1Timer(Sender: TObject);
    begin
      UpdateList();
    end;

    procedure TForm1.Timer2Timer(Sender: TObject);
    begin
      // Search for changes in the list
      if (ListView_GetItemCount(h) > last_c) then ListView_DeleteItem(h, ind);
      last_c := ListView_GetItemCount(h);
    end;

Here, in fact, is all the code.
Let's hide, for example, in the Task Manager the process of the Task Manager itself:

Here it is:


And by clicking on the "Hide process" button, the process disappears from the list:


All traces of its presence in the system are erased, and it itself is quietly executed in normal mode somewhere in the depths of the processor :)

Outro
Well, I think this method deserves to exist, although it requires minor improvements. Yes, of course, it cannot hide the process from the system itself, but hiding it in the standard Windows tool, which is used by the lion's share of all users, is also not bad.
I hope I managed to get you at least a little interested in this topic.

See you later! And may the power of anonymity be with you ...
