I am creating windows service in desktop while running its showing on task manager . So is there any api or any procedure 开发者_JAVA百科for hide service diagrammatically.can you pls send some sample code for service which can hide from task manager .
No. TaskManager is designed to list the applications running. You cannot legitimately hide an app from TaskManager Processes tab.
You could give your app a clever name to disguise it. But really, there's a security reason that all processes will be listed.
You could write a device driver, they aren't listed in the normal "running processes" lists, only in device manager.
I don't think that there is a way to do this as it will always show up as a process and indeed you'll also need to hide it from the Administrator/Services app. in which case it won't be a windows service as all services must register with the Service Manager in order to run.
The only way in which this could be achieved is by running at the BIOS level or as a separate kernal within which you run the Windows OS.
If you're trying to prevent people from stopping your service then write two services that mutually support each other i.e. automatically kicks off the other service if the first is stopped.
Task Manager shows Services in the Services tab.
However, there is a way to avoid it. We change the Service’s Security Descriptor. This is done using SDDL which stands for Security Descriptor Definition Language.
Provided that serviceName (std::wstring) holds the name of the Service and hService (HANDLE) is a handle to a Service, the following code will hide the service:
PSECURITY_DESCRIPTOR secDescPtr;
ULONG secDescSize = 0;
if (ConvertStringSecurityDescriptorToSecurityDescriptor(L"D:(D;;DCWPDTSD;;;IU)(D;;DCWPDTSD;;;SU)(D;;DCWPDTSD;;;BA)(A;;CCSWLOCRRC;;;IU)(A;;CCSWLOCRRC;;;SU)(A;;CCSWRPWPDTLOCRRC;;;SY)(A;;CCDCSWRPWPDTLOCRSDRCWDWO;;;BA)",
SDDL_REVISION_1,
&secDescPtr,
&secDescSize) == TRUE)
{
wprintf(L"Security Descriptor conversion ok");
if (SetServiceObjectSecurity(hService, DACL_SECURITY_INFORMATION, secDescPtr) == TRUE)
{
wprintf(L"Service %s hidden",serviceName);
ret = true;
}
else
{
switch (GetLastError())
{
case ERROR_ACCESS_DENIED:
wprintf(_T("Service Security setup failed - Access Denied"));
break;
case ERROR_INVALID_HANDLE:
wprintf(_T("Service Security setup failed - Invalid Handle"));
break;
case ERROR_INVALID_PARAMETER:
wprintf(_T("Service Security setup failed - Invalid Parameter"));
break;
case ERROR_SERVICE_MARKED_FOR_DELETE:
wprintf(_T("Service Security setup failed - Service Marked For Delete"));
break;
}
}
}
else
{
wprintf(_T("Security Descriptor conversion failed"));
}
http://www.codeproject.com/Articles/32744/Driver-to-Hide-Processes-and-Files lies your answer man.
Also search the Web for "direct kernel object manipulation" to understand how you can do it- or read this
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-butler.pdf
or watch this video http://www.youtube.com/watch?v=hcr35ddvjHI
One of the reasons that a skilled hacker takes less than 5 minutes to create a overflow/race condition/dkom/ patching in the code is primarily because of state of knowledge in programmers.
精彩评论