


How To Hide Process From Task Manager Windows 10

I saw @Chris Smith's answer and I decided to convert it to C#.

Here is the code, taken from here, for a simple WinForms application:
C# version:

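                      using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace Hide2
{
    /// <summary>
    /// WinForms form that, when constructed, prepends an access-denied ACE for Everyone
    /// (PROCESS_ALL_ACCESS) to the DACL of its own process.
    /// </summary>
    /// <remarks>
    /// This does not hide the process: it stays listed in Task Manager. The ACE only affects
    /// the access check made when another caller opens a handle to the process.
    /// It is not a security boundary. An elevated administrator can still terminate the
    /// process, a caller with SeDebugPrivilege enabled is granted access regardless of the
    /// DACL, and the object's owner can normally rewrite the DACL again.
    /// Because the ACE applies to Everyone, it can also get in the way of legitimate tooling
    /// that opens the process by id (debuggers, crash-dump collectors, monitoring agents).
    /// From a monitoring standpoint, a process whose DACL starts with an access-denied ACE
    /// for Everyone is unusual and worth reviewing; software that resists termination by the
    /// logged-on user may use the same pattern.
    /// </remarks>
    public partial class Form1 : Form
    {
        [DllImport("advapi32.dll", SetLastError = true)]
        static extern bool GetKernelObjectSecurity(IntPtr Handle, int securityInformation, [Out] byte[] pSecurityDescriptor,
            uint nLength, out uint lpnLengthNeeded);

        /// <summary>
        /// Reads the DACL portion of the security descriptor of a process object.
        /// </summary>
        /// <param name="processHandle">Handle to the process; it must allow reading the security descriptor.</param>
        /// <returns>The parsed security descriptor containing the DACL.</returns>
        /// <exception cref="Win32Exception">
        /// The size probe reported no usable length, the length exceeds short.MaxValue,
        /// or the second call failed.
        /// </exception>
        public static RawSecurityDescriptor GetProcessSecurityDescriptor(IntPtr processHandle)
        {
            const int DACL_SECURITY_INFORMATION = 0x00000004;
            uint bufSizeNeeded;

            // Size probe: called with an empty buffer so the API reports the required length.
            // The call itself is expected to fail, so only the reported length is inspected.
            GetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, new byte[0], 0, out bufSizeNeeded);
            int probeError = Marshal.GetLastWin32Error();

            // The original test was "bufSizeNeeded < 0", which can never be true for a uint.
            // A length of zero means the probe failed outright (for example a bad handle).
            if (bufSizeNeeded == 0 || bufSizeNeeded > short.MaxValue)
            {
                throw new Win32Exception(probeError);
            }

            // Allocate the required bytes and obtain the DACL.
            byte[] psd = new byte[bufSizeNeeded];
            if (!GetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, psd, bufSizeNeeded, out bufSizeNeeded))
            {
                throw new Win32Exception();
            }

            // RawSecurityDescriptor (System.Security.AccessControl) parses the self-relative bytes.
            return new RawSecurityDescriptor(psd, 0);
        }

        [DllImport("advapi32.dll", SetLastError = true)]
        static extern bool SetKernelObjectSecurity(IntPtr Handle, int securityInformation, [In] byte[] pSecurityDescriptor);

        [DllImport("kernel32.dll")]
        public static extern IntPtr GetCurrentProcess();

        /// <summary>Process-specific and standard access rights, as used in process ACEs.</summary>
        [Flags]
        public enum ProcessAccessRights
        {
            PROCESS_CREATE_PROCESS = 0x0080,            // Required to create a process.
            PROCESS_CREATE_THREAD = 0x0002,             // Required to create a thread.
            PROCESS_DUP_HANDLE = 0x0040,                // Required to duplicate a handle using DuplicateHandle.
            PROCESS_QUERY_INFORMATION = 0x0400,         // Required to retrieve certain information about a process, such as its token, exit code, and priority class.
            PROCESS_QUERY_LIMITED_INFORMATION = 0x1000, // Required to retrieve certain information about a process (see QueryFullProcessImageName). Not supported on Windows Server 2003 and Windows XP/2000.
            PROCESS_SET_INFORMATION = 0x0200,           // Required to set certain information about a process, such as its priority class.
            PROCESS_SET_QUOTA = 0x0100,                 // Required to set memory limits using SetProcessWorkingSetSize.
            PROCESS_SUSPEND_RESUME = 0x0800,            // Required to suspend or resume a process.
            PROCESS_TERMINATE = 0x0001,                 // Required to terminate a process using TerminateProcess.
            PROCESS_VM_OPERATION = 0x0008,              // Required to perform an operation on the address space of a process.
            PROCESS_VM_READ = 0x0010,                   // Required to read memory in a process using ReadProcessMemory.
            PROCESS_VM_WRITE = 0x0020,                  // Required to write to memory in a process using WriteProcessMemory.
            DELETE = 0x00010000,                        // Required to delete the object.
            READ_CONTROL = 0x00020000,                  // Required to read the security descriptor, not including the SACL.
            SYNCHRONIZE = 0x00100000,                   // The right to use the object for synchronization (wait until signaled).
            WRITE_DAC = 0x00040000,                     // Required to modify the DACL in the security descriptor.
            WRITE_OWNER = 0x00080000,                   // Required to change the owner in the security descriptor.
            STANDARD_RIGHTS_REQUIRED = 0x000f0000,
            PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF), // All access rights for a process object, as defined on this page.
        }

        /// <summary>
        /// Writes the DACL of the given security descriptor back to a process object.
        /// </summary>
        /// <param name="processHandle">Handle to the process; it must allow modifying the DACL.</param>
        /// <param name="dacl">Security descriptor whose DACL is applied.</param>
        /// <exception cref="Win32Exception">SetKernelObjectSecurity failed.</exception>
        public static void SetProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor dacl)
        {
            const int DACL_SECURITY_INFORMATION = 0x00000004;

            byte[] rawsd = new byte[dacl.BinaryLength];
            dacl.GetBinaryForm(rawsd, 0);

            if (!SetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, rawsd))
            {
                throw new Win32Exception();
            }
        }

        /// <summary>
        /// Builds the form and then applies the deny ACE to the current process.
        /// </summary>
        public Form1()
        {
            InitializeComponent();

            // Handle for the current process, as returned by GetCurrentProcess.
            IntPtr hProcess = GetCurrentProcess();

            // Read the existing DACL so the current entries are preserved.
            var dacl = GetProcessSecurityDescriptor(hProcess);

            // Insert the deny ACE at index 0 so it is evaluated before the existing entries.
            dacl.DiscretionaryAcl.InsertAce(
                0,
                new CommonAce(
                    AceFlags.None,
                    AceQualifier.AccessDenied,
                    (int)ProcessAccessRights.PROCESS_ALL_ACCESS,
                    new SecurityIdentifier(WellKnownSidType.WorldSid, null),
                    false,
                    null));

            // Save the modified DACL back to the process object.
            SetProcessSecurityDescriptor(hProcess, dacl);
        }
    }
}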

After running it as a limited user, I can't kill it from Task Manager, but I can as administrator. Note that the process is still listed in Task Manager; the deny ACE only makes the attempt to open it fail for non-elevated users.
I left the X button so it can be closed without an admin, but it is also possible to remove it.

The result:

enter image description here

PowerShell version:

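          $source = @"
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;

namespace Hide2
{
    // Helper compiled by Add-Type. ProtectMyProcess prepends an access-denied ACE for
    // Everyone (PROCESS_ALL_ACCESS) to the DACL of the process that hosts this code,
    // which here is the PowerShell host itself.
    // This does not hide the process and is not a security boundary: an elevated
    // administrator, or a caller with SeDebugPrivilege enabled, is not stopped by it.
    // A deny-Everyone ACE at the top of a process DACL is unusual and worth reviewing
    // when it shows up on a monitored system.
    public class myForm
    {
        [DllImport("advapi32.dll", SetLastError = true)]
        static extern bool GetKernelObjectSecurity(IntPtr Handle, int securityInformation, [Out] byte[] pSecurityDescriptor,
            uint nLength, out uint lpnLengthNeeded);

        // Reads the DACL portion of the security descriptor of a process object.
        // Throws Win32Exception when the size probe or the read fails.
        public static RawSecurityDescriptor GetProcessSecurityDescriptor(IntPtr processHandle)
        {
            const int DACL_SECURITY_INFORMATION = 0x00000004;
            uint bufSizeNeeded;

            // Size probe: called with an empty buffer so the API reports the required length.
            GetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, new byte[0], 0, out bufSizeNeeded);
            int probeError = Marshal.GetLastWin32Error();

            // The original test was "bufSizeNeeded < 0", which can never be true for a uint.
            // A length of zero means the probe failed outright (for example a bad handle).
            if (bufSizeNeeded == 0 || bufSizeNeeded > short.MaxValue)
            {
                throw new Win32Exception(probeError);
            }

            // Allocate the required bytes and obtain the DACL.
            byte[] psd = new byte[bufSizeNeeded];
            if (!GetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, psd, bufSizeNeeded, out bufSizeNeeded))
            {
                throw new Win32Exception();
            }

            // RawSecurityDescriptor (System.Security.AccessControl) parses the bytes.
            return new RawSecurityDescriptor(psd, 0);
        }

        [DllImport("advapi32.dll", SetLastError = true)]
        static extern bool SetKernelObjectSecurity(IntPtr Handle, int securityInformation, [In] byte[] pSecurityDescriptor);

        [DllImport("kernel32.dll")]
        public static extern IntPtr GetCurrentProcess();

        [Flags]
        public enum ProcessAccessRights
        {
            PROCESS_CREATE_PROCESS = 0x0080,            // Required to create a process.
            PROCESS_CREATE_THREAD = 0x0002,             // Required to create a thread.
            PROCESS_DUP_HANDLE = 0x0040,                // Required to duplicate a handle using DuplicateHandle.
            PROCESS_QUERY_INFORMATION = 0x0400,         // Required to retrieve certain information about a process, such as its token, exit code, and priority class.
            PROCESS_QUERY_LIMITED_INFORMATION = 0x1000, // Required to retrieve certain information about a process (see QueryFullProcessImageName). Not supported on Windows Server 2003 and Windows XP/2000.
            PROCESS_SET_INFORMATION = 0x0200,           // Required to set certain information about a process, such as its priority class.
            PROCESS_SET_QUOTA = 0x0100,                 // Required to set memory limits using SetProcessWorkingSetSize.
            PROCESS_SUSPEND_RESUME = 0x0800,            // Required to suspend or resume a process.
            PROCESS_TERMINATE = 0x0001,                 // Required to terminate a process using TerminateProcess.
            PROCESS_VM_OPERATION = 0x0008,              // Required to perform an operation on the address space of a process.
            PROCESS_VM_READ = 0x0010,                   // Required to read memory in a process using ReadProcessMemory.
            PROCESS_VM_WRITE = 0x0020,                  // Required to write to memory in a process using WriteProcessMemory.
            DELETE = 0x00010000,                        // Required to delete the object.
            READ_CONTROL = 0x00020000,                  // Required to read the security descriptor, not including the SACL.
            SYNCHRONIZE = 0x00100000,                   // The right to use the object for synchronization (wait until signaled).
            WRITE_DAC = 0x00040000,                     // Required to modify the DACL in the security descriptor.
            WRITE_OWNER = 0x00080000,                   // Required to change the owner in the security descriptor.
            STANDARD_RIGHTS_REQUIRED = 0x000f0000,
            PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF), // All access rights for a process object, as defined on this page.
        }

        // Writes the DACL of the given security descriptor back to a process object.
        // Throws Win32Exception when SetKernelObjectSecurity fails.
        public static void SetProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor dacl)
        {
            const int DACL_SECURITY_INFORMATION = 0x00000004;

            byte[] rawsd = new byte[dacl.BinaryLength];
            dacl.GetBinaryForm(rawsd, 0);

            if (!SetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, rawsd))
            {
                throw new Win32Exception();
            }
        }

        public static void ProtectMyProcess()
        {
            // Handle for the current process, as returned by GetCurrentProcess.
            IntPtr hProcess = GetCurrentProcess();

            // Read the existing DACL so the current entries are preserved.
            var dacl = GetProcessSecurityDescriptor(hProcess);

            // Insert the deny ACE at index 0 so it is evaluated before the existing entries.
            dacl.DiscretionaryAcl.InsertAce(
                0,
                new CommonAce(
                    AceFlags.None,
                    AceQualifier.AccessDenied,
                    (int)ProcessAccessRights.PROCESS_ALL_ACCESS,
                    new SecurityIdentifier(WellKnownSidType.WorldSid, null),
                    false,
                    null));

            // Save the modified DACL back to the process object.
            SetProcessSecurityDescriptor(hProcess, dacl);
        }
    }
}
"@

# Compile the helper type into the current PowerShell session.
Add-Type -TypeDefinition $Source -Language CSharp

# Script block that shows a simple top-most form; it runs in a runspace so the
# main script can continue while the dialog is open.
[ScriptBlock]$scriptNewForm = {
    Add-Type -AssemblyName System.Windows.Forms

    $Form = New-Object system.Windows.Forms.Form
    $Form.Text = "PowerShell form"
    $Form.TopMost = $true
    $Form.Width = 303
    $Form.Height = 274

    [void]$Form.ShowDialog()
    $Form.Dispose()
}

# $SleepTimer and $MaxResultTime are not used further down in this listing.
$SleepTimer = 200
$MaxResultTime = 120
$MaxThreads = 3

$ISS = [system.management.automation.runspaces.initialsessionstate]::CreateDefault()
$RunspacePool = [runspacefactory]::CreateRunspacePool(1, $MaxThreads, $ISS, $Host)
$RunspacePool.Open()

$Jobs = @()

# Start the form asynchronously and keep the handle so it can be ended later.
$PowershellThread = [powershell]::Create().AddScript($scriptNewForm)
$PowershellThread.RunspacePool = $RunspacePool
$Handle = $PowershellThread.BeginInvoke()
$Job = "" | Select-Object Handle, Thread, object
$Job.Handle = $Handle
$Job.Thread = $PowershellThread
# $computer is never assigned in this listing, so Object ends up empty.
$Job.Object = $computer
$Jobs += $Job

# Applies the deny ACE to the PowerShell host process that runs this script.
[Hide2.myForm]::ProtectMyProcess()

<#
ForEach ($Job in $Jobs){
    $Job.Thread.EndInvoke($Job.Handle)
    $Job.Thread.Dispose()
    $Job.Thread = $Null
    $Job.Handle = $Null
}
#>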

Source: https://stackoverflow.com/questions/187983/how-do-i-hide-a-process-in-task-manager-in-c

Posted by: stoneclinking.blogspot.com
