Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
So this question is kind of interesting, I think. And before I lose anyones attention or they start shoving their fingers into my face with accusations: no I am not making or attempting to make a virus. I actually had a really good idea for a game. This game will be kind of like a creepy pasta(http://en.wikipedia.org/wiki/Creepypasta), in that it will mimic the ideals of a "haunted game". This game, when launched, will play for only a few seconds before ultimately "crashing" back to the desktop. It is at this time that I would like to hide all traces of its existence(which is still running in the background) so that I may continue with phase 2 of the game. During this phase, I will randomly take control of a console window, or play creepy sound effects at arbitrary/random intervals. The game will open back up at random, as if it has a mind of its own, too, but the game will be different each time this happens.
I would like to hide the game from the task manager completely. So this window:
Will show absolutely nothing of the program, no matter the tab the user selects. I want the game to, quite literally, turn into a ghost. The programming language that I am planning on using is C# and for the graphics library, OpenTK(Which is irrelevant for this question, but I want to make sure I lay down as much information as possible).
Anyone have any ideas? Oh, and I should also mention that I am quite fluent in the .NET framework/api, and I can build any windows forms application by hand(without using the editor).
Update:
I just thought of a fun alternative to hiding it. The answer: make the program smarter. Send the program to desktop, then listen for the opening of a task manager. If it opens, my program immediately shuts down task manager and the game responds with something super creepy like "But i thought you wanted to play with me? Why are you trying to kill me?" in a console. Sounds awesome. Lol.
I am no expert but I think most techniques that deals with process hiding uses CreateRemoteThread.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682437(v=vs.85).aspx
It is pretty tough to get right, but there are maaany blogs about it, eg:
http://resources.infosecinstitute.com/using-createremotethread-for-dll-injection-on-windows/
This works by picking some victim process that is already running, like say svchost.exe and add your thread into this.
Also while speaking of svchost, you can also very legally register a service and be hosted by this windows process, your clients may see the running game by calling the listing command:
tasklist /svc /fi "imagename eq svchost.exe"
or:
http://www.howtogeek.com/80082/svchost-viewer-shows-exactly-what-each-svchost-exe-instance-is-doing/
This is a tad more hidden than directly appearing as a task, while remainging more gentle to the user than the CreateRemoteThread. Also less crash prone, and also, anti viruses usually hook CreateRemoteThread to block calls to it.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 months ago.
This post was edited and submitted for review 3 months ago and failed to reopen the post:
Original close reason(s) were not resolved
Improve this question
My app is fairly large, and is now being used successfully by 100s of users. I started many years ago, and I am stuck at XF 4.8. I use the "SHARED CODE" paradigm. I have many pages derived from a class BasePage which is derived from ContentPage. I have .xaml and .xaml.cs files nicely nested. I have a lot of logging to both the Console and a file.
I just did a major merge of some code that diverged. One of the pages is called "InfPumpPage". Like most of my pages, I do a new on it at startup.
HERE'S THE WEIRD: I log when I call do the new(), and I log in the first line of the constructor (before InitializeComponents). When it crashes, I don't see the log msg in the ctor. I say "when it crashes" because if I remove essentially all the code, it "works". (Note, I did not change the XAML code.) But still weird -- there's a delay between the new() and the ctor log msg that does not exist for other pages. Even with no code, it's about 1/2 sec, compared to 4 msec worst case on the others, some of which are more complex.
EVEN MORE WEIRD -- when I start adding code back in, it still works, to a point, but it seems like every bit I add makes that delay longer. When it gets to about 12 seconds, the debugger just reports "App Terminated". Running the app not under the debugger it runs nicely -- new to ctor log msg 1 msec.
WEIRDEST YET -- in desperation, I deleted the .xaml & .xaml.cs file, and re-created with Add Item. I hacked on it to get publics satisfied for the rest of the code. Essentially no XAML. IT STILL HAS THE DELAY, and I suspect if I add enough code I can get it crashing again. BUT -- no evidence that ANY OF THE CODE HAS BEEN RUNNING!
I've changed linker behavior for Debug from Don't Link to Link Framework. I've tried with and without "Enable the Mono Interpretter" checked. I've also radically changed the order the pages are constructed in -- does not affect. I've wondered if there was a Garbage collection, but now the object is tiny compared to others (change in total memory 13K vs 1.4MB for the more complex one). Just updated Win VS 17.3.6 today, no change. Latest Xamarin.iOS (16.0.0.75).
UPDATE: Unbelievably, after learning this hard lesson, I've been having this again. This time I changed from "Link Framework" to "Link All", which seemed to fix for the better part of a day. But then it started misbehaving again. I updated my Mac OS and my XCode version, and it's working again. Now if I can only remember to delete .vs trick next time.
This question was tagged as closed because it needed more detail, but I don't know how I could add more than this.
Well, this is still WEIRD, but I'm past it. Deleting the .vs (hidden) directory (and, bin/obj) and rebuilding fixes everything.
This is starting to really be like VisualStudio was told to do something special with the file or class called InfPumpPage. I don't know what this would be, I sure didn't do it on purpose, and I looked everywhere I could think of to undo it. I'm REALLY CURIOUS if someone has a clue.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
From what I know it is rather known that c# can not be accurate when timing is critical. I certainly can understand that but was hoping there were known game hacks to help my issue.
tech:
I'm using an API for USB that sends data over a control transfer. In the API I get an event when an interrupt transfer occurs (one every 8 ms). I then simply fire off my control transfer at that exact time. What I have noticed, however not often, is that it takes more then 8ms to fire. Most of the time it does so in a timely matter (< 1ms after the interrupt event). The issue is that control transfers can not happen at the same time of an interrupt transfer so the control transfer must be done with in 5ms of the interrupt transfer so that it is complete and the interrupt transfer can take place.
So usb stuff aside my issue is getting an event to fire < 5ms after another event. I'm hoping there is a solution for this as gaming would also suffer form this sort of thing. For example some games can be put in a high priority mode. I wonder if that can be done in code? I may also try a profiler to back up my suspicions, it may be something I can turn off.
For those that want to journey down the technical road, the api is https://github.com/signal11/hidapi
If maybe someone has a trick or idea that may work, here are some of the considerations in my case.
1) usb interrupt polls happen ever 8 ms and are only a few hundred us long
2) control transfer should happen once every 8-32 ms (fast the better)
3) this control transfer can take up to 5 ms to complete
4) Skipping oscillations is ok for the controller transfer
5) this is usb 1.1
This is not even a C# problem, you are in a multi tasking non-realtime OS, so you don't know when your program is going to be active, the OS can give priority to other tasks.
Said that, you can raise the priority of the program thread, but I doubt it will solve anything:
System.Threading.Thread.CurrentThread.Priority = ThreadPriority.Highest;
When such restrictive timmings must be met then you must work at kernel level, per example as a driver.
I've been looking for a way to do some stuff before an application starts and stop the started application and execute after "the stuff" is completed.
Like an Antivirus applications, when you open an application which may be dangerous or has no certification, it executes a scanning and only after that execution allow the application to starts.
Already tried with watchers and WMI (C#) but no success, since the calling event happens before the application starts and there is no way to cancel the opening.
If there is a name for that technique or someone knows an example code in C++ or C# or even any other language.
For those who are downvoting the question at least have the F** balls to explain why is downvoting...
It's a legitimate question! Maybe i miss explain it but still a legitimate question. Ohh I forgot, in many years of your career you already had to know everything... What would happen if you lost internet connection for three days? Are you still be productive? Maybe you guys had the API and documentation injected by Tank from Matrix... That's how NEO learn to fight.
Thanks
One option (which might be used by antiviruses, but not sure) is described here:
https://www.codeproject.com/Articles/11985/Hooking-the-native-API-and-controlling-process-cre
Basically, hooking the functions NtCreateFile(), NtOpenFile() or NtCreateSection() (the last one being mentioned as the preferred).
However, the hook must be done from inside a kernel mode driver, which might be a "slight inconvenience" (especially under 64-bit Windows, where the drivers must be signed AFAIK).
Some options also mentioned here: How does a Windows antivirus hook into the file access process?
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I have two windows C# WinForms applications that behave the same way related to this issue. The behavior exhibits if the applications are ran in this order:
Main application starts up and part of its normal working process opens some sockets; mixture of tcp udp and multicast.
At some time pressing a button it starts another application using C# process related libraries. The second app starts ok and all is ok.
It is known and acceptable that if I start a second instance of my main app the second instance won't be able to use the sockets the first one owns.
The issue that I have is that if I shutdown the first app and restart, it won't be able to acquire the sockets anymore... until the child app is also shutdown.
Note that the second app doesn't use ANY sockets whatsoever, but somehow windows keeps the sockets locked until the second app shuts down.
I HAVE THIS QUESTION RELATED TO PROGRAMMING IN C# WIN FORMS WHICH IS ON THE TOPIC NOW WITH CAPITAL LETTERS FOR PEOPLE WHO CAN NOT DISTINGUISH ON/OFF TOPIC:
how do I solve this so that I don't need to shutdown the second app for the first one to be able to acquire its sockets (WHICH -i know - ARE FREE).
This is normal handle inheritance behavior. Unfortunately the .Net Process.Start is passing true as bInheritHandles to CreateProcess (NB. an open request to allow control of this behavior exists: Make Process.Start have a option to change handle inheritance). As a work around, use the native CreateProcess instead, see When System.Diagnostics.Process creates a process, it inherits inheritable handles from the parent process.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
My wpf program has a strange problem regarding the startup performance on different computer with same specs.
One computer loads my program less than a second.
Another computer with the same spec loads 10+ secs.
With the help of Visualstudio performance profiler, I notice that two computers loads the program differently! which is so strange.
My problem is basically the same as this post:
C# WPF Very slow application launch
The performance profiler on the "fast" computer(I mean start the program fast) shows that the program starts with System.Windows.Application.Run(),
whereas the "slow" one shows that it starts with System.Windows.Application.RunInternal(...)
With the additional "internal" the boots time increased 10 times even though two computers are of the same spec and the source code are the same. (Actually, it is just plain mvvm light WPF start file)
Any ideas?
The other thing to check may be anti-virus. Is one machine running real-time AV and the other not? Are both logged in users members of the same groups? Are both machines in the same OU?
Log not-caught exceptions (in app level).
See if the users on both
computers have same level of authorizations (both are admin i.e.; or rather are not).
That should help.
Check in both the computer what are the services running. Check your both CPU Usage in two scenario by running your application and after closing your application.