Detailed Description of Process Hiding Technology

Source: Internet
Author: User

Q: How can I run a program in the background? Help! Is there any way or software that allows the program to run in the background without a window popping up? (I am using a Windows system.)

A: Do you feel annoyed when you have opened many programs or when a webpage displays many windows? If you do not want a window to pop up, minimize it. The program then keeps running in the background with no pop-up window. But the question you asked may not be that simple, so we can extend it:
Question extension: You have opened many programs, or a webpage has displayed many windows, and the taskbar is full of window icons. These are very annoying, and you want to get rid of these windows as well.

1. The window attributes are set accordingly when the software is developed. For example, hero and QQ both offer "windows always run at the beginning" among the software's options; just remove it. As another example, Serv-U consists of two parts: the engine and the user interface. The Serv-U engine (servudaemon.exe) is actually a resident background program and is the heart of the Serv-U software. It is responsible for processing FTP commands from various FTP client software and for executing the various file transfers. In begin, we can stop and start it. In addition, to hide itself, the server of a Trojan program is designed not to display itself in the taskbar or the system process controller, and not to affect the normal operation of other programs. When the user's computer is disconnected, the server does not send any information to the preset port but automatically checks the network status until the network is connected. The server then sends system information to the client by email or other means and receives requests sent from the client.

2. For QQ users. Do you want to hide it, for fear of being seen by leaders or elders? Can the QQ icon in the taskbar be hidden so that nobody finds it? The answer is yes, and it is very simple. Start QQ and click the main menu in the lower-left corner of the QQ window. Select "System Parameters" from the shortcut menu to bring up the "QQ parameter settings" dialog box. In the "parameter settings" tab, deselect the "display icon in the taskbar" and "auto pop-up information" options and select the "use hotkey" option; you can also select "Custom hotkeys" to define your own hotkeys. In the "sound settings" tab, select "turn off sound" under "sound switch". In addition, drag QQ to the top of the screen and it will hide automatically! Place the cursor at that position and it will come out again.

3. For users who are afraid of being seen at work or in class, software can be used to hide things completely.
The "Taskbar" is the gray area at the bottom of the Windows desktop, with the "Start" button on the left and a small area on the right that displays the time, input method, and other icons, also known as the system tray. Depending on the operating system and on software installation and configuration, the "Taskbar" shows different icons. You can also customize the "Taskbar" content based on your needs and preferences. The Windows taskbar has an Auto Hide function: right-click a blank area of the taskbar, select "Properties", select the check box before "Auto Hide Taskbar", and click "OK" to exit. However, this feature is not perfect, because the taskbar is not fully hidden and a line (an exposed "tail") always remains at the bottom of the screen. This may cause some trouble at work; for example, if you want to use the Print Screen key, you have to remove the line. A free program named TaskbarHide can be found on the Internet. Its main program is a little over 200 KB and the latest version is 1.2b: http://home4.inet.tele.dk/mbresson/tbhide/tbhid12b.zip.
After downloading the file, you get a compressed package containing only three files. Decompress the package and double-click the executable file. You will find the T icon in the system tray on the far right of the taskbar, and you will see that the taskbar has been hidden automatically and completely, without any trace. When you move the mouse to the bottom of the screen, the taskbar pops up automatically, and much more responsively than the original!
If you want to stop Auto Hide, you only need to click the T icon, which is much more convenient than the original. If you want to exit TaskbarHide, right-click the T icon and select the Close command from the pop-up menu. With TaskbarHide, you can retire the built-in taskbar hiding function in Windows!

4. For programmers: let the program hide to the background when a key combination is pressed, and return to the foreground when it is pressed again.
This can be implemented by hiding and showing the window. First, let's look at a term. The system tray is a very small area on the taskbar; a program hidden there displays only a small icon, for example when Outlook receives a new email. The taskbar is a toolbar that runs across the screen, and program icons are placed there. To hide the taskbar icon, pass Application->Handle to the API function ShowWindow.

    ShowWindow(Application->Handle, SW_HIDE);

To display the icon again, simply replace SW_HIDE with SW_SHOW.

    ShowWindow(Application->Handle, SW_SHOW);

Note: you can hide it by setting the Visible property of the main form to false.

Note: hiding the taskbar icon with ShowWindow does not last long. Several actions will make the taskbar icon reappear. To remove the program's taskbar icon so that it no longer appears, make the application window a tool window. A tool window has no taskbar icon, but the disadvantage is that the program will not appear in ALT+TAB. Turning the application window into a tool window uses the API functions GetWindowLong and SetWindowLong:

    WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR, int)
    {
        // Add WS_EX_TOOLWINDOW to the application window's extended style
        DWORD dwExStyle = GetWindowLong(Application->Handle, GWL_EXSTYLE);
        dwExStyle |= WS_EX_TOOLWINDOW;
        SetWindowLong(Application->Handle, GWL_EXSTYLE, dwExStyle);

        try
        {
            Application->Initialize();
            Application->CreateForm(__classid(TForm1), &Form1);
            Application->Run();
        }
        catch (Exception &exception)
        {
            Application->ShowException(&exception);
        }
        return 0;
    }

5. For hackers, the hiding techniques of Trojan programs are of course very popular.
Most Trojans must hide on the server side to avoid being discovered. Let's see how Trojans hide. When it comes to hiding, you must first understand three related concepts: processes, threads, and services. Let me give a brief explanation.
Process: when a normal Windows application runs, it creates a process in the system. Each process has a different PID (Process ID, process identifier) and is allocated a virtual memory address space by the system; all related program operations are carried out in this virtual space.
Thread: a process can have one or more threads. Threads perform multiple operations simultaneously and are generally independent of each other. When a thread encounters an error, it does not necessarily cause the entire process to crash.
Service: when a process works as a service, it works in the background and does not appear in the task list. However, in Windows NT/2000, you can still use the service manager to check whether any service process has been started.
A Trojan's server can be hidden in two ways: pseudo-hiding or true hiding. Pseudo-hiding means that the program's process still exists but disappears from the process list. True hiding means that the program disappears completely and does not work as a process or service.

Pseudo-hiding is easier to implement. You only need to register the Trojan's server program as a service. The program then disappears from the task list because the system does not regard it as a process, so it is not seen when Ctrl+Alt+Delete is pressed. However, this method is only applicable to Windows 9x systems. On Windows NT and Windows 2000, registered services can be found through the Service Manager. Does that mean pseudo-hiding cannot be used on Windows NT/2000? There is another way: API interception. By setting up a background system hook and intercepting PSAPI's EnumProcessModules and other related functions, the process and service traversal calls can be controlled; when the process ID (PID) is detected to be that of the Trojan's server-side process, it is skipped directly. In this way, process hiding is realized. Software such as Kingsoft uses a similar method: the TextOutA and TextOutW functions are intercepted to capture screen output and implement real-time translation. Similarly, this method can be used to hide a process.
With true hiding, the Trojan's server, while running, should not have an ordinary process or service. That is to say, it is completely integrated into the system kernel. You may wonder: isn't a process always created once an application runs? Indeed, but the Trojan can run as a thread instead of an application, injecting itself into the address space of another application. That application is an absolutely safe program as far as the system is concerned, which achieves a completely hidden effect. As a result, it increases the difficulty of scanning for and killing hacker programs.
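The API-interception hiding described above filters one enumeration path, so it can be exposed by comparing that listing with a second, independently obtained one. The following Python code is an added example, not code from the original article; the `Sample` type, the `cross_view` function, the PIDs, and the sources named in the comments are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    # PIDs returned by the normal enumeration API: the view a hook can filter.
    listed: frozenset
    # PIDs found by an independent probe (assumption: e.g. a Toolhelp snapshot
    # for `listed` and per-PID OpenProcess probing for `probed`).
    probed: frozenset


def cross_view(samples, min_streak=3):
    """Return {pid: longest_streak} for PIDs that the probe sees but the API
    listing omits in at least `min_streak` consecutive samples.

    One-off differences are expected, because a process can start or exit
    between the two calls of a single sample; only persistent gaps count.
    """
    streak, flagged = {}, {}
    for s in samples:
        missing = s.probed - s.listed
        # A PID that reappears in the listing, or exits, drops out and resets.
        streak = {pid: streak.get(pid, 0) + 1 for pid in missing}
        for pid, n in streak.items():
            if n >= min_streak:
                flagged[pid] = max(n, flagged.get(pid, 0))
    return flagged


# Constructed data: PID 1337 is absent from every API listing (filtered view);
# PID 2200 starts between the two calls of the second sample (benign race).
SAMPLES = [
    Sample(frozenset({4, 612, 900}), frozenset({4, 612, 900, 1337})),
    Sample(frozenset({4, 612, 900}), frozenset({4, 612, 900, 1337, 2200})),
    Sample(frozenset({4, 612, 900, 2200}), frozenset({4, 612, 900, 1337, 2200})),
    Sample(frozenset({4, 612, 2200}), frozenset({4, 612, 1337, 2200})),
]

if __name__ == "__main__":
    for pid, n in sorted(cross_view(SAMPLES).items()):
        print(f"PID {pid}: missing from API listing in {n} consecutive samples")
```

A thread injected into another process, as in the true-hiding case, creates no separate PID, so this check does not cover it.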
For the sake of security, I only provide a method to implement pseudo-hiding of a process by registering a service program. For more complex and advanced hiding methods, such as remote thread insertion into other processes, see ShotGun's article "Hidden and detection of Trojan process in NT System" (from http://www.patching.net).

    WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR, int)
    {
        try
        {
            DWORD dwVersion = GetVersion(); // obtain the Windows version
            if (dwVersion >= 0x80000000) // Windows 9x: hide from the task list
            {
                int (CALLBACK *rsp)(DWORD, DWORD);
                HINSTANCE dll = LoadLibrary("KERNEL32.DLL"); // load KERNEL32.DLL
                rsp = (int (CALLBACK *)(DWORD, DWORD))GetProcAddress(dll, "RegisterSer
