Hide a C# program from the task manager?

Question

Is there any way to hide a C# program from the Windows Task Manager?

EDIT: Thanks for the overwhelming response! Well I didn\'t intend to do something spooky. Just w

Answer 1

Not that I'm aware of - and there shouldn't be. The point of the task manager is to allow users to examine processes etc.

If the user should be able to do that, they should be able to find your program. If they shouldn't be poking around in Task Manager, group policy should prevent that - not your program.

Answer 2

You could make your program a service and then it would appear as "svchost". There's a little more to it than that, but that should give you a hint to go in the right direction.

Answer 3

You shouldn't hide it, but you could prevent the user from killing the process.

See Chris Smith's answer to this question.

Answer 4

Don't mean to zombie this but i thought i could contribute some useful information

If you want to hide a application there a two methods (that i can think of atm).

They both have their ups and downs

[1] SSDT Table hooking - basically you have to set the MDL of the table to writeable, overwrite the address of NtQuerySystemInformation (iirc) with the address of your function and have it call the original function after filtering the results.

This method doesn't suit your needs very well because the hooking function would always need to be in memory and would involve writing a kernel mode driver. Its a fun thing to do but debugging is a pain because an exception means a BSOD.

[2] Direct Kernel Object Manipulation (DKOM) - the list of processes is a doubly linked list, with a kernel mode driver you can alter the pointers of the records above and below your process to point around yours. This still requires the use of a kernel mode driver but there are rootkits such as FU that can be easily downloaded that contain an exe and the service. The exe could be called from inside your application as a child process (in the released version of FU, at least the one I found, there was a bug which I had to fix where if the hidden application exited the computer would BSOD, it was a trivial fix).

This will thankfully be caught by almost any decent antivirus so if you are trying to do something sneaky you'll have to learn to get around that (hint: they use a binary signature)

I have not used method 1 ever but method 2 has worked for me from a VB.Net application.

A third possible option is to just create the application as a windows service, this will show up in task manager by default but I'm willing to bet that there is a way to tell it to not show up there since there are plenty of other services which don't show up in task manager.

Hope I helped a little, my advice is that if you are interested in this kind of stuff to learn C++.

Answer 5

I'm not aware of any way to hide it from the task manager, but you could just disguise it by making it show up as "svchost.exe". It'll get lumped in with all the others (there's usually several), and will become indistinguishable.