|
Thanks again for your answer and the nice piece of code.
|
Oh, one of those -- an excellent exercise.
According to the file date, I wrote the following last October (probably in response to a post here):
namespace PIEBALD.Lib.LibExt.Convert
{
    public interface IConvert
    {
        double Convert ( double Value ) ;
    }

    public enum Language
    {
        CSharp
    ,
        VisualBasic
    }

    [System.AttributeUsageAttribute(System.AttributeTargets.Field , AllowMultiple=false , Inherited=false)]
    public sealed class ConverterAttribute : System.Attribute
    {
        public ConverterAttribute
        (
            string Function
        ,
            Language Language
        )
        {
            this.Function = Function ;
            this.Language = Language ;
            return ;
        }

        public string Function { get ; private set ; }
        public Language Language { get ; private set ; }
    }

    public enum Conversion
    {
        [ConverterAttribute("Value * 2.54",Language.VisualBasic)]
        FromInchToCentimeter
    ,
        [ConverterAttribute("Value / 2.54",Language.VisualBasic)]
        FromCentimeterToInch
    ,
        [ConverterAttribute("( Value - 32.0 ) * 5.0 / 9.0",Language.CSharp)]
        FromFahrenheitToCelsius
    ,
        [ConverterAttribute("Value * 9.0 / 5.0 + 32.0",Language.CSharp)]
        FromCelsiusToFahrenheit
    }

    public static class LibExt
    {
        private static readonly System.Collections.Generic.Dictionary<Conversion,IConvert> conversion ;

        static LibExt
        (
        )
        {
            conversion = new System.Collections.Generic.Dictionary<Conversion,IConvert>() ;
            return ;
        }

        private static void
        Add
        (
            Conversion Conversion
        )
        {
            System.Reflection.FieldInfo fi = typeof(Conversion).GetField
            (
                Conversion.ToString()
            ,
                System.Reflection.BindingFlags.Public
                |
                System.Reflection.BindingFlags.Static
            ) ;

            foreach
            (
                ConverterAttribute att
            in
                fi.GetCustomAttributes ( typeof(ConverterAttribute) , false )
            )
            {
                string code = null ;

                switch ( att.Language )
                {
                    case Language.CSharp :
                    {
                        code = System.String.Format
                        (
                            @"
                            namespace Converter
                            {{
                                public class Converter : PIEBALD.Lib.LibExt.Convert.IConvert
                                {{
                                    public double
                                    Convert
                                    (
                                        double Value
                                    )
                                    {{
                                        return ( {0} ) ;
                                    }}
                                }}
                            }}
                            "
                        ,
                            att.Function
                        ) ;
                        break ;
                    }
                    case Language.VisualBasic :
                    {
                        code = System.String.Format
                        (
                            @"
                            namespace Converter
                                public class Converter
                                    implements PIEBALD.Lib.LibExt.Convert.IConvert
                                    public function Convert ( byval Value as double ) as double _
                                        implements PIEBALD.Lib.LibExt.Convert.IConvert.Convert
                                        return ( {0} )
                                    end function
                                end class
                            end namespace
                            "
                        ,
                            att.Function
                        ) ;
                        break ;
                    }
                }

                System.Reflection.Assembly assm = PIEBALD.Lib.LibSys.Compile
                (
                    code
                ,
                    att.Language.ToString()
                ,
                    System.Reflection.Assembly.GetExecutingAssembly().Location
                ) ;

                conversion [ (Conversion) fi.GetValue ( null ) ] =
                    (IConvert) assm.CreateInstance ( "Converter.Converter" ) ;
            }

            return ;
        }

        public static double
        Convert
        (
            this double Value
        ,
            Conversion Conversion
        )
        {
            if ( !conversion.ContainsKey ( Conversion ) )
            {
                Add ( Conversion ) ;
            }

            return ( conversion [ Conversion ].Convert ( Value ) ) ;
        }
    }
}
Obviously it's not extensible the way you want, but it may give you some ideas.
You should also look at this[^].
May the force be with you.
|
Hi, I can currently kill any process by looping through them. I also want to be able to kill hidden processes, but have had no success even though I googled it. As you may guess, the programs that I want to kill don't show up in the task manager nor in GetProcesses(). Do you have any idea how to solve this?
|
AFAIK there are no hidden processes; assuming you clicked the "show processes from all users" button or checkbox, TaskManager shows all of them. You may be unable to get information or kill some of them though, as processes that aren't yours are protected from your prying eyes.
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
|
Good answer, gets my vote.
"Real men drive manual transmission" - Rajesh.
|
Thanks Rajesh.
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
|
That's not 100% accurate mate. You can get hidden processes, but they take some real effort to develop. Typical examples of hidden processes are rootkits where the rootkit is right down at the kernel level and can intercept process list requests.
|
I admit one can do such things, however I do avoid the R word, and didn't want to venture into that direction at all.
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
|
I've just ventured there with Rajesh because I feel that bald statements about hidden processes can be dangerous and can lead to misconceptions about the power of task manager.
|
Stop Rajesh making bald statements? I wish you good luck.
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
|
Wow.....it's a good article BAB
|
You can kill MOST processes, not ANY process. If you're a normal user, you can only kill processes that your account launched. Even as an Admin, you cannot kill processes running under SYSTEM, nor any process above an Admin account.
|
It's very simple:
if(!isSystemCriticalProcess && userUnderWhichYourAppRunsHasRights){
    showProcess = true;
    canKill = true;
}
|
d@nish wrote: if(!isSystemCriticalProcess && userUnderWhichYourAppRunsHasRights){ showProcess = true; canKill = true; }
Thanks. I looked for what you gave me but couldn't find the showProcess and cankill properties. Could you be more specific?
|
Sorry, I was merely stating that you can see and kill a process only if it is not a system critical process and the user under whose credentials the application runs has the rights.
|
Firstly, there is NO process that will NOT be listed in task manager (assuming you've enabled "show processes from all users", and assuming you're not using some stone age version of Windows). There is basically no straight way for a process to "hide" itself from task manager.
You could do some highly esoteric stuff like patching the Kernel, and routing all the API calls through your layer of code, and filtering out the calls that are related to enumerating running processes, and then altering the enumerated result to hide your process... But there's Kernel Patch Protection, and that's going to give you a hard time.
But if you meant that you want to kill processes that are running under the system account, Dave and Luc have answered that question correctly.
Otherwise, short answer: Wrong question!
"Real men drive manual transmission" - Rajesh.
|
Rajesh R Subramanian wrote: there is NO process that will NOT be listed in task manager
Ahem. Rootkits do this quite successfully. Perhaps it's more accurate to say there is no kernel level process that will not be listed.
|
Pete O'Hanlon wrote: Rootkits do this quite successfully.
I explained that in my post. You need to patch the kernel to achieve that.
Pete O'Hanlon wrote: Perhaps it's more accurate to say there is no kernel level process that will not be listed.
No, there's no distinction at all. NO process can hide itself from being listed in task manager, with no regards to whether or not it is run at the kernel level.
"Real men drive manual transmission" - Rajesh.
|
Rajesh R Subramanian wrote: NO process can hide itself from being listed in task manager, with no regards to whether or not it is run at the kernel level.
But that's exactly what a rootkit can do. Basically, it can intercept a call to list processes, and return a list of all processes other than itself. Task manager is a poor application to use to detect these things. An excellent article on rootkits can be found here[^]. (Take a look at figure 3, and the explanation beside it - it's particularly revealing for showing how to detect rootkits).
|
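A defender's cross-view check for the interception discussed in this thread, as an added example (not code from any poster or from the linked article): it compares the list returned by Process.GetProcesses() with the set of PIDs that answer a direct OpenProcess probe and reports any PID present only in the second view. The class name and the 0xFFFF scan ceiling are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;

static class CrossViewCheck   // hypothetical name, added example
{
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;  // Vista and later
    const int  ERROR_ACCESS_DENIED = 5;
    const uint STILL_ACTIVE = 259;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool GetExitCodeProcess(IntPtr process, out uint exitCode);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // View 1: the list the enumeration API hands back.
    static HashSet<uint> Enumerated()
    {
        return new HashSet<uint>(Process.GetProcesses().Select(p => (uint)p.Id));
    }

    // View 2: ask about one candidate PID directly.
    static bool IsLive(uint pid)
    {
        IntPtr h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
        if (h == IntPtr.Zero)   // "access denied" still proves the PID exists
            return Marshal.GetLastWin32Error() == ERROR_ACCESS_DENIED;
        uint code;              // an exited process can linger while handles stay open
        bool live = GetExitCodeProcess(h, out code) && code == STILL_ACTIVE;
        CloseHandle(h);
        return live;
    }

    static void Main()
    {
        HashSet<uint> before = Enumerated();
        uint maxPid = Math.Max(before.Max(), 0xFFFFu);   // assumed scan ceiling
        var probed = new List<uint>();
        for (uint pid = 4; pid <= maxPid; pid += 4)      // PIDs are multiples of 4
            if (IsLive(pid)) probed.Add(pid);
        HashSet<uint> after = Enumerated();
        // Flag only PIDs missing from both snapshots; this filters most process
        // churn during the scan, so rerun to confirm any hit.
        foreach (uint pid in probed.Where(p => !before.Contains(p) && !after.Contains(p)))
            Console.WriteLine("PID {0} answers OpenProcess but is not enumerated", pid);
    }
}
```

An empty result does not prove a clean machine: code running in the kernel can filter both views, which is the point made in the replies about a patched kernel.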
|
Pete O'Hanlon wrote: But that's exactly what a rootkit can do.
Yes, which is what I said too. Rootkit is just a fancy name. Whatever name is given to it, the ONLY way to achieve it is to patch the kernel. And I had to state that there's no regards to which ring the process is run at, because it doesn't matter - the enumeration will contain all the processes.
Pete O'Hanlon wrote: Basically, it can intercept a call to list processes, and return a list of all processes other than itself.
Like I said, I already explained this in my first reply to the OP.
Pete O'Hanlon wrote: Task manager is a poor application to use to detect these things.
Well, yes. Because task manager was never developed to detect such things.
I'll take a look at the article, but I write code for an anti-virus company, and stroll through, and debug code that has to fight with malware of all sorts on a daily basis.
"Real men drive manual transmission" - Rajesh.
|
Fair enough - you're an expert in this side, but you did state quite clearly that "there is NO process that will NOT be listed in task manager". That's pretty unequivocal, and perhaps you've got some nuance that I'm not aware of, but we've gone from no process to no unpatched kernel process, which is not the same thing (yes I appreciate that you clarified in your original answer, but the fact remains that there are processes that will not be listed - and a bald first statement like that leads to people assuming this is true in all cases). I know it seems like I'm splitting hairs here, but there is a difference, and I am nothing if not anal about these things.
|
Well, my point is that after you patch the kernel, it is not Windows anymore - it's not task manager anymore. The OS itself is a virus, because all the calls to the kernel are intercepted and can be "adjusted" by the patch code.
OK, maybe I should have said: "On a machine with a kernel that hasn't been patched or infected by malicious code, it's impossible for a process to hide from the task manager".
And, you sir are anal about things. But there's nothing wrong with it, because serious programmers WILL BE anal about things. As a fellow-nerd, I can appreciate it.
"Real men drive manual transmission" - Rajesh.
|
By what method have they been hidden?
|
It's not method that hides. There are two games KnightOnline and Metin2 that are not shown in Processes list and task manager. So, as I can't see them in Processes I can't close them.
|