Hide or block the script from Task Manager (Topic is solved)

Yatendra3192
Posts: 89
Joined: 10 Dec 2017, 06:57

23 Jan 2018, 10:07

Hi All,

In continuation of my time tracking project, I ran into a big problem: employees of my company found out that they can close the script from Task Manager, so I tried to find a way to hide the script from Task Manager, but all I get is "are you making a trojan or something?" So it's OK if they are able to see the script in Task Manager but not able to close it; only a user with admin access can close the script.

Please help me improve my script so I can do that. #NoTrayIcon only hides the script from the tray and taskbar :(

Code:

#NoTrayIcon
#SingleInstance force
#InstallKeybdHook
#InstallMouseHook
#Persistent
SetWorkingDir, %A_ScriptDir%

idleLimit:= 180000 ; three min
SetTimer,  CloseOnIdle, % idleLimit+150

OnExit, ExitSub ; run some extra stuff before exiting

gosub,ddlx
WayfairMedia=WL Editing|Creative Brief|Image Association|VSP|Events Editing|Angle & Tilt|Batch Image Tickets||Batch PDF Tickets
PA=task1||task2|task3|task4|task5
SOUQ=Image||International|UAE
Finance=Invoice Ticketing(EU/US)||Payment|Credit Notes|Statement|Offshore Ticketing|WMS|Chargeback|Wizardview|No DFI
NOON=NOON1||

Gui -Sysmenu +LastFound +OwnDialogs +AlwaysOnTop
Gui, Add, Tab2,W450 h300, Continue/Start new Task|End a Running Task
Gui, Add, Text,, Select Task:
Gui, Add, DDL, w400 vDDL,Continue to work||Starting New task
Gui, Add, Text,, Select Type of Work:
Gui, Add, DDL,w400 vDDL2, QC|Production|other task
Gui, Add, Text,, Enter Unit Count:
Gui, Add, edit,w400 number vDDL3,
Gui, Add, Text,, Select Images or SKUs:
Gui, Add, DDL,w400 vDDL5, Images|SKUs
Gui, Add, Text,, Select Team and Subprocess:
Gui, Add, DDL,gAPLY W400 vDROPDOWN, %LST%
Gui, Add, DDL, W400 vLISTBOXM
Gui, Tab, 2
Gui, Add, Text,, Count of completed work:
Gui, Add, edit,w400 number vDDL8
GuiControl,1: Choose,dropdown,SOUQ  ;-- << preselect
gosub,aply
return

;-- this can be interesting instead of using a very long line --
DDLX:
LST=
(Ltrim Join|
WayfairMedia
PA
SOUQ
Finance
NOON
)
return


APLY:
gui,1:submit,nohide
guicontrol,1:,LISTBOXM,|
listboxm=
If DROPDOWN=WayfairMedia
   LISTBOXM=%WayfairMedia%
If DROPDOWN=PA
   LISTBOXM=%PA%
If DROPDOWN=SOUQ
   LISTBOXM=%SOUQ%
If DROPDOWN=Finance
   LISTBOXM=%Finance%
If DROPDOWN=NOON
   LISTBOXM=%NOON%
guicontrol,1:,LISTBOXM,%LISTBOXM%

Gui, Tab  ; i.e. subsequently-added controls will not belong to the tab control.

Gui, Add, Button, Default xm, Input
Gui, +AlwaysOnTop
Gui, Show

return
GuiClose:
MsgBox, 16, Attendance Manager, You can not close the program
return ; without this, execution falls through into ButtonInput
ButtonInput:
Gui, Submit, Hide
if ErrorLevel
    Run,search and run script.ahk
else
    MsgBox, You are %DDL% of %DDL2%. Your work count is %DDL3% and Your Process is %LISTBOXM% and Team is %DROPDOWN%

OneMinute := 60000 ; if you change this from 60000, then times will not accurately display in "hours and minutes"
OutputFileName := "TimeRecord.CSV"
OutputFileName2 := "TaskRecord.CSV"
ForceUpdate := false ; dont change this manually
BlockCount := 0 ; init to zero

SetTimer, CheckTime, %OneMinute% ; updates every 1 minute
FormatTime, BlockStartTime, , HH:mm tt ; initialise this
Return

CheckTime:
   FormatTime, TheDateToday,,MM-dd-yyyy
   BlockCount++

   CurrentResult := A_TimeIdlePhysical < OneMinute ? "Active" : "Idle" ; determine current activity state

   If ( (LastResult AND (CurrentResult != LastResult)) or ForceUpdate )
   {
      BlockTracker .= BlockTracker ? "`n" : "" ; add a carriage return if the var is not empty
      BlockTracker .= BlockStartTime . " " . LastResult . "= " . BlockCountFormatted ; add the string you requested

      IfNotExist, %OutputFileName% ; if the file doesn't already exist, write the column title line to it
         FileAppend, "Date"`,"Username"`,"Computername"`,"State"`,"Minutes at State"`,"State Start time"`n, %OutputFileName%

      FileAppend, "%TheDateToday%"`,"%A_UserName%"`,"%A_ComputerName%"`,"%LastResult%"`,"%BlockCount%"`,"%BlockStartTime%"`n, %OutputFileName%

     
      BlockCount := 0 ; reset this back to zero as the user switched states
      FormatTime, BlockStartTime, , HH:mm tt ; get the new time
   }
   
   LastResult := CurrentResult ; save this for next time the check is made
Return


CloseOnIdle:
	if (A_TimeIdlePhysical>=idleLimit)
	{
		ExitApp
	}
	else
	{
		SetTimer,CloseOnIdle, % idleLimit-A_TimeIdlePhysical+150
	}
return

ExitSub:
   OnExit, ; stop this calling itself a second time
   ForceUpdate := true ; force capture of most recent 'block' of activity
   GoSub, CheckTime ; run this one last time before exiting to capture the info in the csv file

IfNotExist, %OutputFileName2% ; if the file doesn't already exist, write the column title line to it
         FileAppend, "Date"`,"State Start time"`,"Choose Task"`,"Work Type"`,"Unit Count"`,"Image/Sku"`,"Completed Work"`,"Process"`,"Team"`n, %OutputFileName2%

FileAppend, "%TheDateToday%"`,"%BlockStartTime%"`,"%DDL%"`,"%DDL2%"`,"%DDL3%"`,"%DDL5%"`,"%DDL8%"`,"%LISTBOXM%"`,"%DROPDOWN%"`n, %OutputFileName2%

ExitApp ; an OnExit subroutine must call ExitApp, otherwise the script keeps running

^!y::
Run,"%A_ScriptFullPath%"
Return

^!q::
exitapp
Return

^!r::
Send ^!q
Send ^!y
Return

MaxAstro
Posts: 557
Joined: 05 Oct 2016, 13:00

23 Jan 2018, 11:01

I think you might have better success writing the script so as to be harder to close; check out the OnExit command. It's relatively easy to create a script that is very resistant to being closed.
Yatendra3192
Posts: 89
Joined: 10 Dec 2017, 06:57

23 Jan 2018, 11:19

MaxAstro wrote: I think you might have better success writing the script so as to be harder to close; check out the OnExit command. It's relatively easy to create a script that is very resistant to being closed.

Hi MaxAstro,

Yes, I also thought of that, but it will interfere with other functionality of my script, so I'm looking for something like the #NoTrayIcon function so it will not mess with the exit command I use for other purposes, or some kind of process which is outside of AHK, like closing the app only if it's Admin.
MaxAstro
Posts: 557
Joined: 05 Oct 2016, 13:00

23 Jan 2018, 12:27

You could have OnExit prompt for a password, so that you could close it manually if you needed to.

That all said, I highly doubt AHK provides any built-in functionality to hide from Task Manager, and coding something like that would not be easy. Windows intentionally makes it very hard to hide a process from Task Manager.
Yatendra3192
Posts: 89
Joined: 10 Dec 2017, 06:57

23 Jan 2018, 12:44

MaxAstro wrote: You could have OnExit prompt for a password, so that you could close it manually if you needed to.

That all said, I highly doubt AHK provides any built-in functionality to hide from Task Manager, and coding something like that would not be easy. Windows intentionally makes it very hard to hide a process from Task Manager.

"OnExit prompt for a password": it's a nice idea, I will try that. Thank you :) And I don't need it to hide; I just don't want it to be closed by the user from Task Manager. He can close it by going through the steps or the AHK shortcut I have given to them, so the script does not crash midway.

I just realized "OnExit prompt for a password" will prompt for a password every time we close the script, but I just want it to prompt when being closed from Task Manager :crazy:
MaxAstro
Posts: 557
Joined: 05 Oct 2016, 13:00

23 Jan 2018, 14:36

I'm not sure the script can actually tell where it is being closed from. Although you could do an end run at it - something like (pseudocode, obviously) "OnExit: ifWinExist(Task Manager) DoPasswordPrompt"
qwerty12
Posts: 468
Joined: 04 Mar 2016, 04:33

Re: Hide or block the script from Task Manager (Topic is solved)

23 Jan 2018, 16:47

EDIT: You're welcome :-)

Hi,
Yatendra3192 wrote: it's OK if they are able to see the script in Task Manager but not able to close it; only a user with admin access can close the script.

Paste the following functions in somewhere and call SetRestrictedDacl() on startup of your script. It's not foolproof: an admin can always kill the process (even without the explicit PROCESS_ALL_ACCESS granted to it) and given that the owner of the process is you, if a person knows how to re-add the process's missing rights back to its object, then there's nothing stopping them from doing so.

(Note: under default UAC settings, when Task Manager is launched it will automatically be elevated if your account is part of the Administrators group.)

Code:

SetRestrictedDacl()
{
	ret := False

	hCurProc := DllCall("GetCurrentProcess", "Ptr")
	if (!DllCall("advapi32\OpenProcessToken", "Ptr", hCurProc, "UInt", TOKEN_QUERY := 0x0008, "Ptr*", hToken))
		return ret

	if (!_GetTokenInformation(hToken, TokenUser := 1, 0, 0, dwLengthNeeded))
		if (A_LastError == 122 && VarSetCapacity(TOKEN_USER, dwLengthNeeded)) ; ERROR_INSUFFICIENT_BUFFER
			if (_GetTokenInformation(hToken, TokenUser, &TOKEN_USER, dwLengthNeeded, dwLengthNeeded)) {
				SECURITY_MAX_SID_SIZE := 68
				SIDs := {"WinWorldSid": "1", "WinLocalSystemSid": "22", "WinBuiltinAdministratorsSid": "26"}
				for k, v in SIDs {
					SIDs.SetCapacity(k, (cbSid := SECURITY_MAX_SID_SIZE))
					if (!DllCall("advapi32\CreateWellKnownSid", "UInt", v+0, "Ptr", 0, "Ptr", SIDs.GetAddress(k), "UInt*", cbSid)) {
						DllCall("CloseHandle", "Ptr", hToken)
						return ret
					}
				}

				EA := [{ "grfAccessPermissions": PROCESS_ALL_ACCESS := (STANDARD_RIGHTS_REQUIRED := 0x000F0000) | (SYNCHRONIZE := 0x00100000) | 0xFFFF ; 0xFFF for XP and 2000
						,"grfAccessMode":        GRANT_ACCESS := 1
						,"grfInheritance":       NO_INHERITANCE := 0
						,"TrusteeForm":          TRUSTEE_IS_SID := 0
						,"TrusteeType":          TRUSTEE_IS_WELL_KNOWN_GROUP := 5
						,"ptstrName":            SIDs.GetAddress("WinLocalSystemSid")}
					  ,{ "grfAccessPermissions": PROCESS_ALL_ACCESS
						,"grfAccessMode":        GRANT_ACCESS
						,"grfInheritance":       NO_INHERITANCE
						,"TrusteeForm":          TRUSTEE_IS_SID
						,"TrusteeType":          TRUSTEE_IS_WELL_KNOWN_GROUP
						,"ptstrName":            SIDs.GetAddress("WinBuiltinAdministratorsSid")}
					  ,{ "grfAccessPermissions": PROCESS_QUERY_LIMITED_INFORMATION := 0x1000 | PROCESS_CREATE_PROCESS := 0x0080
						,"grfAccessMode":        GRANT_ACCESS
						,"grfInheritance":       NO_INHERITANCE
						,"TrusteeForm":          TRUSTEE_IS_SID
						,"TrusteeType":          TRUSTEE_IS_USER := 1
						,"ptstrName":            NumGet(TOKEN_USER,, "Ptr")} ; user script is running under
					  ,{ "grfAccessPermissions": PROCESS_ALL_ACCESS
						,"grfAccessMode":        DENY_ACCESS := 3
						,"grfInheritance":       NO_INHERITANCE
						,"TrusteeForm":          TRUSTEE_IS_SID
						,"TrusteeType":          TRUSTEE_IS_WELL_KNOWN_GROUP
						,"ptstrName":            SIDs.GetAddress("WinWorldSid")}]

				padding := A_PtrSize == 8 ? 4 : 0
				cbEXPLICIT_ACCESS_W := (4 * 3) + padding + (A_PtrSize + (4 * 3) + padding + A_PtrSize)
				VarSetCapacity(EXPLICIT_ACCESS_W, cbEXPLICIT_ACCESS_W * EA.MaxIndex(), 0)
				for i, v in EA {
					thisEA := cbEXPLICIT_ACCESS_W * (i - 1)
					NumPut(v.grfAccessPermissions, EXPLICIT_ACCESS_W, thisEA, "UInt")
					NumPut(v.grfAccessMode, EXPLICIT_ACCESS_W, thisEA + 4, "UInt")
					NumPut(v.grfInheritance, EXPLICIT_ACCESS_W, thisEA + (4 * 2), "UInt")
					NumPut(v.TrusteeForm, EXPLICIT_ACCESS_W, thisEA + ((4 * 3) + padding + A_PtrSize + 4), "UInt")
					NumPut(v.TrusteeType, EXPLICIT_ACCESS_W, thisEA + ((4 * 3) + padding + A_PtrSize + (4 * 2)), "UInt")
					NumPut(v.ptstrName, EXPLICIT_ACCESS_W, thisEA + ((4 * 3) + padding + A_PtrSize + (4 * 3) + padding), "Ptr")				
				}
						
				if (!DllCall("advapi32\SetEntriesInAcl", "UInt", EA.MaxIndex(), "Ptr", &EXPLICIT_ACCESS_W, "Ptr", 0, "Ptr*", pNewDacl)) {
					ret := !DllCall("Advapi32\SetSecurityInfo", "Ptr", hCurProc, "UInt", SE_KERNEL_OBJECT := 6, "UInt", DACL_SECURITY_INFORMATION := 0x00000004, "Ptr", 0, "Ptr", 0, "Ptr", pNewDacl, "Ptr", 0)
					DllCall("LocalFree", "Ptr", pNewDacl, "Ptr")
				}
			}
	
	DllCall("CloseHandle", "Ptr", hToken)
	return ret
}

_GetTokenInformation(TokenHandle, TokenInformationClass, ByRef TokenInformation, TokenInformationLength, ByRef ReturnLength, _tokenInfoType := "Ptr") {
	return DllCall("advapi32\GetTokenInformation", "Ptr", TokenHandle, "UInt", TokenInformationClass, _tokenInfoType, TokenInformation, "UInt", TokenInformationLength, "UInt*", ReturnLength)
}
Last edited by qwerty12 on 26 Jan 2018, 08:37, edited 2 times in total.
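
A self-check for the SetRestrictedDacl() approach in the post above, as an added example that is not part of the thread or qwerty12's code: it reads the process DACL back as SDDL and probes whether the current token can still open the process with PROCESS_TERMINATE. The function names GetOwnDaclSddl and ProbeTerminateAccess and the log file name DaclCheck.log are assumptions made for illustration.

```autohotkey
; Added example (AHK v1). Names and the log file are hypothetical.
; Return the current process's DACL as an SDDL string, or "" on failure.
GetOwnDaclSddl()
{
	sddl := ""
	hProc := DllCall("GetCurrentProcess", "Ptr")
	; SE_KERNEL_OBJECT = 6, DACL_SECURITY_INFORMATION = 4; returns 0 (ERROR_SUCCESS) on success
	if (DllCall("advapi32\GetSecurityInfo", "Ptr", hProc, "UInt", 6, "UInt", 4
		, "Ptr", 0, "Ptr", 0, "Ptr", 0, "Ptr", 0, "Ptr*", pSD, "UInt"))
		return sddl
	; SDDL_REVISION_1 = 1; the returned string is allocated by the API
	if (DllCall("advapi32\ConvertSecurityDescriptorToStringSecurityDescriptorW", "Ptr", pSD
		, "UInt", 1, "UInt", 4, "Ptr*", pStr, "Ptr", 0))
	{
		sddl := StrGet(pStr, "UTF-16")
		DllCall("LocalFree", "Ptr", pStr, "Ptr")
	}
	DllCall("LocalFree", "Ptr", pSD, "Ptr")
	return sddl
}

; Open our own PID with PROCESS_TERMINATE (0x0001), which forces a real access
; check against the DACL (the GetCurrentProcess pseudo-handle would bypass it).
; Returns 0 if a handle was granted, otherwise the Win32 error code.
ProbeTerminateAccess()
{
	pid := DllCall("GetCurrentProcessId", "UInt")
	hProc := DllCall("OpenProcess", "UInt", 0x0001, "Int", False, "UInt", pid, "Ptr")
	if (hProc)
	{
		DllCall("CloseHandle", "Ptr", hProc)
		return 0
	}
	return A_LastError ; 5 = ERROR_ACCESS_DENIED
}

before := GetOwnDaclSddl()
fn := "SetRestrictedDacl" ; from the post above; called dynamically so this also loads without it
applied := IsFunc(fn) ? %fn%() : "not loaded"
probe := ProbeTerminateAccess()
FileAppend, % A_Now " applied=" applied " probe=" probe "`nbefore: " before "`nafter:  " GetOwnDaclSddl() "`n", DaclCheck.log
```

Run as the standard user the script normally runs under: a probe value of 5 after the DACL is applied means that token can no longer get a terminate handle, while 0 means it still can.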
Yatendra3192
Posts: 89
Joined: 10 Dec 2017, 06:57

25 Jan 2018, 16:11

qwerty12 wrote: Hi,
Paste the following functions in somewhere and call SetRestrictedDacl() on startup of your script. It's not foolproof: an admin can always kill the process (even without the explicit PROCESS_ALL_ACCESS granted to it) and given that the owner of the process is you, if a person knows how to re-add the process's missing rights back to its object, then there's nothing stopping them from doing so.

(Note: under default UAC settings, when Task Manager is launched it will automatically be elevated if your account is part of the Administrators group.)

Thank you so much, qwerty12, this is exactly what I needed :bravo: :dance: :superhappy:
