So I need a bit of help finding some code.
I'm looking for code that can change a process name (the one you see in Task Manager), either while it's running or before it starts - it doesn't matter. Bonus if you can show me how to hide the process from all programs.
Code in C++, C#, or VB.NET appreciated. Anything else is fine, but it'll be a hassle.
What you're looking for is called a rootkit technique. There are hundreds of them; some operate in kernel mode, others in user mode. The general idea is to hide information from the user using one of a few means:
1a) Inject some code in all the processes, except yours, which hooks file access APIs and process access APIs, maybe even network ones, and filters the output so your process/modules wouldn't appear in them.
1b) Hook taskmgr and similar applications to hide stuff from them. Easily defeated by using other process viewers.
1c) Kill such process viewer applications. Only scumbags do this, and again easily defeated.
2a) Modify kernel structures to actually remove any traces of such processes from memory, however that means you will have to manage the processes yourself, which is not an easy task, but has been done in the past.
2b) Hook SSDT or various NT OS APIs in the kernel, or hook sysenter routine or some interrupts or modify various drivers at runtime, or install filter drivers, and many other possibilities.
3) Virtualization of the entire OS (see: Bluepill)
4) Design your code so it can be injected in some running process and just run as a thread in that process.
There are other methods, but I can't be bothered to recall them all.
From required privileges: 1 - User or Administrator (for good stealth), 2 - SYSTEM (can elevate from Administrator), 3 - SYSTEM (...), 4 - User or Administrator.
It seems most malware authors prefer method 4; at least, I've reversed a few hundred malware samples in my life and most seem to take that course, as it needs the least privileges and doesn't bother the user much. However, let me remind you that ANY method is detectable:
1,4 - Just fire up a debugger and examine the memory layout and running threads; it's not hard to locate such rogue code if you know what you're doing. If such a rootkit hides itself by hooking debugging APIs, all you have to do is either load kernel32 and related DLLs manually into memory or access the (SSDT) NT APIs directly. There is no way 1 and 4 can protect themselves against such tricks without kernel means.
2 - Much harder to defeat, but with a good kernel debugger, it's possible to find anything.
3 - A kernel debugger won't work here directly, unless you know the vector which launches the rootkit (for example, if it loads via BIOS code in your GPU, then things could get very tricky), however it's possible to detect virtualization in general via timing tricks - some instructions need to be virtualized, which means they'll run slower than in a non-virtualized OS by a few orders of magnitude. You can execute such code and do internal+external timing to detect if you're running virtualized. It's also possible to disable such features in BIOS, providing you can trust your BIOS to not be compromised.
tl;dr: Many methods to do what you want OP, everything is detectable of course, as no system is closed to a skilled enough reverse engineer. If you really want practical examples, see rootkit.com or just grab some real world samples and reverse them yourself.
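
Added example, not part of the original posts: the check described above for methods 1 and 4 (examining the memory layout and running threads), run over a constructed process snapshot. The region kinds mirror the Windows MEM_IMAGE / MEM_PRIVATE distinction; the snapshot values, the names `Region`, `find_region` and `audit`, and the heuristic itself are assumptions made for illustration.

```python
from bisect import bisect_right
from dataclasses import dataclass

@dataclass(frozen=True)
class Region:
    base: int
    size: int
    kind: str      # "IMAGE" (backed by a loaded module), "PRIVATE" or "MAPPED"
    protect: str   # e.g. "R", "RW", "RX", "RWX"
    module: str = ""

# Constructed snapshot of one process (illustrative values, not real data).
REGIONS = [
    Region(0x00400000, 0x00020000, "IMAGE", "RX", "app.exe"),
    Region(0x02A00000, 0x00001000, "PRIVATE", "RWX"),
    Region(0x03000000, 0x00010000, "PRIVATE", "RW"),
    Region(0x77000000, 0x00180000, "IMAGE", "RX", "ntdll.dll"),
]
# Thread id -> thread start address (constructed).
THREADS = {1204: 0x00401A30, 1388: 0x77012340, 2016: 0x02A00010, 2020: 0x05000000}

def find_region(regions, addr):
    """Return the region containing addr, or None (regions sorted by base)."""
    bases = [r.base for r in regions]
    i = bisect_right(bases, addr) - 1
    if i >= 0 and addr < regions[i].base + regions[i].size:
        return regions[i]
    return None

def audit(regions, threads):
    """Flag threads not started inside a module image, and private executable memory."""
    regions = sorted(regions, key=lambda r: r.base)
    findings = []
    for tid, start in sorted(threads.items()):
        region = find_region(regions, start)
        if region is None:
            findings.append((tid, hex(start), "start address in unmapped memory"))
        elif region.kind != "IMAGE":
            findings.append((tid, hex(start), f"start address in {region.kind} memory"))
    for r in regions:
        if r.kind == "PRIVATE" and "X" in r.protect:
            findings.append((None, hex(r.base), f"private executable region ({r.protect})"))
    return findings

if __name__ == "__main__":
    for tid, addr, why in audit(REGIONS, THREADS):
        print(tid, addr, why)
```

Findings from this heuristic need triage, since JIT-compiling runtimes legitimately allocate private executable memory and start threads in it.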