Hiding your program from the Ctrl+Alt+Del list
-----------------------------------------------------------------------------
by lord lucifer
Thursday, June 24, 1999
Introduction:
-----------------------------------------------------------------------------
Here's a question that I have seen a lot: how to hide a program from the
Ctrl+Alt+Del list. To accomplish this, you need to register the program as a
service process by passing its process ID to the RegisterServiceProcess()
function.

This method uses the GetProcAddress API to get a function pointer for the
RegisterServiceProcess API. This function pointer is then used to call
the RegisterServiceProcess function.
Hiding the Application:
-----------------------------------------------------------------------------
    ; defined in the data section
    szKernel32  db "Kernel32.dll",0
    szRSP       db "RegisterServiceProcess",0

    ; code to hide application from alt+ctrl+del
    push offset szKernel32
    call GetModuleHandle        ; get the handle of kernel32.dll
    push offset szRSP
    push eax
    call GetProcAddress         ; get the address of the function
    mov ebx, eax                ; save the pointer into ebx
    call GetCurrentProcessId    ; get the current process's id
    push 1                      ; 1 = Register as Service
    push eax                    ; process id
    call ebx                    ; call RegisterServiceProcess

Cleaning Up:
-----------------------------------------------------------------------------
You should always call RegisterServiceProcess again (using the method
described above), this time passing 0 for the dwType argument, so that
your program unregisters itself and frees up its resources.

    ; code to un-hide application from alt+ctrl+del
    push offset szKernel32
    call GetModuleHandle        ; get the handle of kernel32.dll
    push offset szRSP
    push eax
    call GetProcAddress         ; get the address of the function
    mov ebx, eax                ; save the pointer into ebx
    call GetCurrentProcessId    ; get the current process's id
    push 0                      ; 0 = UnRegister as Service
    push eax                    ; process id
    call ebx                    ; call RegisterServiceProcess

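Seen from the analyst's side, the two fragments above leave recognizable traces in a binary: the NUL-terminated name string handed to GetProcAddress and the push/push/call ebx sequence around it. The Python triage scanner below is an added example, not part of the original tutorial; the opcode pattern, the verdict names and the constructed sample image are assumptions made for illustration.

```python
import re

# GetProcAddress compares export names case-sensitively, so the name must
# appear exactly and NUL-terminated, as in the tutorial's szRSP definition.
API_NAME = re.compile(rb"(?<![\w.])RegisterServiceProcess\x00")
RESOLVER = re.compile(rb"(?<![\w.])GetProcAddress\x00")
# Assumption: the exact call sequence from the tutorial, assembled for x86-32:
#   push imm8 (6A 01 / 6A 00), push eax (50), call ebx (FF D3)
CALL_SITE = re.compile(rb"\x6a([\x00\x01])\x50\xff\xd3")


def scan_image(data: bytes) -> dict:
    """Triage a Win9x-era executable image for run-time use of RegisterServiceProcess."""
    name_offsets = [m.start() for m in API_NAME.finditer(data)]
    dw_types = sorted({m.group(1)[0] for m in CALL_SITE.finditer(data)})
    if not name_offsets:
        verdict = "no-indicator"
    elif RESOLVER.search(data) is None:
        verdict = "name-only"                    # string present, resolver not seen
    elif dw_types == [1]:
        verdict = "registers-never-unregisters"  # hides, no clean-up call found
    elif 1 in dw_types:
        verdict = "registers-and-unregisters"
    else:
        verdict = "resolved-by-name"             # no registering call site matched
    return {"verdict": verdict, "name_offsets": name_offsets, "dw_types": dw_types}


def build_sample(call_types: bytes) -> bytes:
    """Constructed test image: import-style names, data strings, then code bytes."""
    data = b"\x00\x00GetModuleHandleA\x00\x00\x00GetProcAddress\x00"
    data += b"Kernel32.dll\x00RegisterServiceProcess\x00"
    for t in call_types:
        # mov ebx, eax / call rel32 / push t / push eax / call ebx
        data += b"\x8b\xd8\xe8\x00\x00\x00\x00\x6a" + bytes([t]) + b"\x50\xff\xd3"
    return data


if __name__ == "__main__":
    print(scan_image(build_sample(b"\x01")))
```

A hit on the name string alone is the durable indicator; the call-site pattern only matches code assembled like the fragments in this text.
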
RegisterServiceProcess:
-----------------------------------------------------------------------------
The RegisterServiceProcess function registers or unregisters a service
process. A service process continues to run after the user logs off.

To call RegisterServiceProcess, retrieve a function pointer using
GetProcAddress on KERNEL32.DLL. Use the function pointer to call
RegisterServiceProcess.

    DWORD RegisterServiceProcess(
        DWORD dwProcessId,
        DWORD dwType
    );

Parameters

    dwProcessId
        Specifies the identifier of the process to register as a service
        process. Specify NULL to register the current process.

    dwType
        Specifies whether the service is to be registered or unregistered.
        This parameter can be one of the following values.

        Value   Meaning
        0       Unregisters the process as a service process.
        1       Registers the process as a service process.

Return Values

    The return value is 1 if successful or 0 if an error occurs.

-----------------------------------------------------------------------------
(C) 1999 Lord Lucifer
lord-lucifer@usa.net