vizskywalker (Posted October 20, 2007):
I am very surprised how much you can do to Windows XP (or any Windows computer in this case) just by editing the registry. Possibly unsurprisingly, there is a registry key that prevents access to the registry through regedit, and I believe there is also another key that prevents all changes to the registry, so you can't install new programs.
~Viz
tansqrx (Posted October 22, 2007):
As mentioned before, the purpose of disabling the task manager is to lock the computer down for unprivileged users. It is a supported design feature in Windows that can be enabled alongside things like disabling the Run button on the Start menu.
Has anyone gone to the site mentioned in the third post (http://forums.xisto.com/no_longer_exists/)? It appears to be a virus site to me. There is no information and it pushes you to only download the program. I also experienced several pop-ups and script error messages. This all indicates a possible virus.
All of this is under the title of rootkits. The main purpose of a rootkit is to hide processes or activities from the user. It also goes a step further and runs at the kernel level. This makes it extremely difficult to defend against once the rootkit has successfully entered the system. You can forget about antivirus because the file system is lying to the antivirus application about what is on the system. I just got through a great book a few months ago called "Rootkits: Subverting the Windows Kernel" (https://www.amazon.com/Rootkits-Subverting-Addison-Wesley-Software-Security/dp/0321294319). It basically tells you how to do exactly what is in this thread. All of the examples are in C and it is very technically oriented, so be prepared for a difficult read. Overall I will recommend it to anyone interested in this area of computer security.
Chesso (Posted October 23, 2007):
Yeah, that is one avenue to go, but I think it can be dangerous and just open up more exploits, which probably isn't a good idea. I would rather not play with someone else's kernel lol.
xboxrulz1405241485 (Posted October 23, 2007):
What's the point in this anyways? Also, this clearly shows that Microsoft Windows is very buggy, there's so many holes!
xboxrulz
Chesso (Posted October 23, 2007):
In mine? To ensure anyone with half a brain cannot find and take off the application (which is intended for computer owners/administrators who have other individuals using their machines and want to monitor specific things).
The way I do things is not a Windows bug, exploit or issue; all I do is force the window to exit when it's opened using a timer. It's very simple, fast and effective, even if not too elegant. I could do it on Mac, I could do it on Linux, I can do it on any of them if I have to.
It's a matter of knowing how. No OS can block all avenues, even on this particular point, because that would be way too restrictive in other ways that just are not worth it.
vizskywalker (Posted October 23, 2007):
Just because something that is somewhat useful can be used in bad ways does not mean it makes the OS buggy. The only piece of code that is truly secure is one that doesn't rely on any input whatsoever, and even that could still possibly run into problems if run on a system with other code, or if it is written with hardcoded memory addresses that don't match up when actually run on different systems. Removing the task manager is an extremely useful capability for administrators. The problem is that since it is possible to disable it for everyone, along with regedit, there needs to be a backup way to access the registry keys and reset them. Unfortunately this backup is used for exploits in many systems. But the registry really is very little different from one large config file that all systems share.
~Viz
Chesso (Posted October 23, 2007):
Quite right, they all have to store information, settings, among a lot of other data, somewhere.
ethergeek (Posted October 23, 2007):
Quoting vizskywalker: "Removing the task manager is an extremely useful capability for administrators."
Yeah, and there's a group policy setting in Active Directory for that. The only thing that should be controlling aspects of the system like the task manager should be your system admin via group policies, not the registry, not some random 3rd party application.
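An added example, written for this page and not code from any poster in the thread: a PowerShell audit of the policy values that implement the Task Manager, regedit and Run-box lockdowns that tansqrx, vizskywalker and ethergeek refer to. The key paths and value names are the standard Windows policy locations; the `-Repair` switch and the `$policies` table are this example's own assumptions.

```powershell
param([switch]$Repair)

# Policy values behind the lockdowns discussed in this thread. The same value
# names are honoured under HKCU (per user) and HKLM (machine wide), and they
# apply on XP Home too, which lacks gpedit.msc but still reads these keys.
$policies = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Effect = 'Task Manager blocked' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Effect = 'regedit blocked' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';                Effect = 'Run box removed' }
)

$findings = @()
foreach ($hive in 'HKCU', 'HKLM') {
    foreach ($p in $policies) {
        $path = "${hive}:\$($p.Key)"
        if (-not (Test-Path $path)) { continue }
        $item = Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $value = $item.($p.Name)
        if ($value -eq 0) { continue }            # present but zero: no lockdown in effect
        $findings += "{0}\{1}\{2} = {3}  ({4})" -f $hive, $p.Key, $p.Name, $value, $p.Effect
        if ($Repair) {
            # HKLM needs an elevated shell; HKCU can be cleared by the user themselves
            Remove-ItemProperty -Path $path -Name $p.Name
            $findings += "  -> cleared"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Task Manager / regedit / Run lockdown policies are set.'
} else {
    $findings | Write-Output
}

# Caveats: a value pushed by domain Group Policy is re-applied at the next
# policy refresh, so fix it at the GPO rather than here. The WriteProcessMemory
# trick posted later in this thread leaves no registry trace at all; it lives
# only inside the running taskmgr.exe and is gone once that process restarts.
```

Run it once without `-Repair` to see what is set and by which hive before clearing anything.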
tansqrx (Posted October 23, 2007):
I don't think you should pick on Windows and call it buggy. The first rootkits were created for *NIX years before it caught on for Windows.
Chesso (Posted October 24, 2007):
Are we talking Windows XP PROFESSIONAL here (group policies)? And how about Home Edition, ME, 2k (non pro or even pro?), 98, 98SE, 95 etc etc.
My method does what I need, for ALL of them, not just one or one flavour.
kxrain (Posted January 9, 2008):
Quoting Chesso: "I made my own code in Object Pascal, that hides my application from everything and renders taskman utterly useless, it is still there but it's shut down so fast every time it is run (and so is msconfig, among others) that it is impossible to close the application, remove it from start-up (due to how it is made) or do anything to it."
What's that application, dude?? What does it do?? Very intriguing.
docduke (Posted January 9, 2008):
I don't believe an ordinary (non-superuser) account can change the properties of a task not owned by it. It is true that 'kill' is available to an ordinary user (I just checked in SuSE). However ps, etc. have read-only access to the task info except for the "owned" tasks.
I appreciate the "heads-up" regarding restricting the Task Manager. I use it once or twice a day, so I would certainly be upset if it suddenly disappeared!
polarysekt (Posted January 9, 2008):
What about tasklist.exe and taskkill.exe from another cpu? Does hiding a process from taskman also hide it from these apps?
btw... why not just a random third party task id/killer?
iGuest (Posted June 2, 2008): I disagree
Replying to ethergeek and vizskywalker in "Disable Task Manager 1 Line Code![vb6]"
I think that the hide-from-task-man can be quite handy. For example, in a log-in screen for a security programme, the user cannot disable the programme. I stumbled across this whilst looking for a way to disable the task man, as I'm scripting an internet cafe programme that will disable several things on a PC such as Boot Menu, MS-DOS, Hard Drives, Lock CD drive etc etc. One of the things it will need to do is disable the task manager so that the user is not able to end the programme designed to log them out once their time session has expired.
-reply by Adam
iGuest (Posted June 6, 2008): Disable Task Manager with WriteProcessMemory
Replying in "Disable Task Manager 1 Line Code![vb6]"
This uses the WriteProcessMemory function to overwrite the TerminateProcess function in the Kernel32 module. Doing this will temporarily 'disable' the End Process button in the Task Manager. I tried to comment the code so it would be pretty easy to understand.

```vb
'Disable Task Manager using WriteProcessMemory
'taskmgr.exe must be running or the function will return FALSE
'Coded by stoopid
'paranoid247@gmail.com

Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
'the process id is passed by value (it is ignored for TH32CS_SNAPPROCESS anyway)
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long

Private Const TH32CS_SNAPPROCESS As Long = 2
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Const INVALID_HANDLE_VALUE As Long = -1

Public Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * 260           'MAX_PATH
End Type

'DisableTaskManager returns TRUE if WriteProcessMemory returns nonzero;
'returns FALSE on any API error or if the process is not found/running
Public Function DisableTaskManager() As Boolean
    Dim hSnapShot As Long, hAddress As Long, hProcess As Long
    Dim bytesWritten As Long
    Dim patch As Byte
    Dim pe32 As PROCESSENTRY32

    DisableTaskManager = False
    patch = 195                         '&HC3, the single byte the original code writes

    'create snapshot of running processes
    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    If hSnapShot = INVALID_HANDLE_VALUE Then Exit Function

    'dwSize must be set before the first call
    pe32.dwSize = Len(pe32)
    If Process32First(hSnapShot, pe32) = 0 Then
        CloseHandle hSnapShot
        Exit Function
    End If

    'walk the remaining processes looking for taskmgr.exe
    Do While Process32Next(hSnapShot, pe32) <> 0
        If InStr(1, LCase(pe32.szExeFile), "taskmgr.exe") > 0 Then
            'process found: open it
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pe32.th32ProcessID)
            If hProcess <> 0 Then
                'assumes kernel32 is mapped at the same base in taskmgr.exe as in
                'this process, which holds on XP (no ASLR) but not on later Windows
                hAddress = GetProcAddress(GetModuleHandle("KERNEL32.DLL"), "TerminateProcess")
                If hAddress <> 0 Then
                    'write the buffer over the first byte of TerminateProcess
                    If WriteProcessMemory(hProcess, ByVal hAddress, patch, 1, bytesWritten) <> 0 Then
                        DisableTaskManager = True
                    End If
                End If
                'hAddress is a pointer, not a handle, so only the process handle is closed
                CloseHandle hProcess
            End If
            Exit Do                     'only the first taskmgr.exe found is patched
        End If
    Loop

    CloseHandle hSnapShot               'close snapshot
End Function

'Syntax example using the Boolean result
Sub Main()
    If DisableTaskManager = True Then
        MsgBox "Successfully disabled Task Manager"
    Else
        MsgBox "Could not disable Task Manager"
    End If
End Sub
```
-reply by stoopid