  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1012

DISABLE END PROCESS IN TASKMGR

Hi.

Is there a way to prevent a user ending a program by clicking end-process in the windows taskmgr (i have already provided protection against end-task, but this is useless without protection against end-process)

i have seen certain applications do this, for example,

>> if u try to end-process on services.exe, it says that it is a critical process and cannot be ended.
>> when i was trying to remove some spyware from my machine, i tried to end-process on it and it said access denied.

btw, i will be using this information only for legit purposes. my application cannot be terminated because it contains windows hooks - if i do not unhook before closing, it will slow up the OS and i cannot afford this to happen.

Thanks in advance
0
cc16
Asked:
1 Solution
 
jkr Commented:
>>Is there a way to prevent a user ending a program by clicking end-process in the windows
>>taskmgr

Actually, no.

>> if u try to end-process on services.exe, it says that it is a critical process and cannot be ended.

That is because of the access rights to that process. And even that one can be ended by enabling the appropriate privilege...
0
 
cc16 (Author) Commented:
so is there a way i can get the same result for my program?
0
 
jkr Commented:
Only if you have it impersonate a privileged account. And then still every administrator can kill it by enabling that very privilege - see e.g. http://support.microsoft.com/default.aspx?scid=kb;en-us;131065 ("HOWTO: How to Obtain a Handle to Any Process with SeDebugPrivilege")
0

 
cc16 (Author) Commented:
so all i have to do is:

BOOL SetPrivilege(
    HANDLE hToken,          // assign my HINSTANCE to this?
    LPCTSTR Privilege,      // what should i put here??
    BOOL bEnablePrivilege   // TRUE to enable whatever in the above string?
    );




0
 
jkr Commented:
No, that's a misconception - the article shows how easily you can kill a 'protected' program. You'd need to do a *lot* more, including the assignment of impersonation privileges and elevating process rights. I only posted that to show how futile such an effort is.
0
 
suma_ds Commented:
yes but they can only kill it programmatically. so for ppl who dont know how to program there is no possible way (i hope)
0
 
jkr Commented:
>>so for ppl who dont know how to program there is no possible way (i hope)

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml as well as a lot of other tools out there can do it.
0
 
stefan73 Commented:
jkr,

I've once seen a tool which could inject an additional thread into a process which would then call exit(). Do you remember the URL perhaps? It had some 7 different ways to kill a process.

Stefan
0
 
cc16 (Author) Commented:
goddamit i cant believe how much windows sucks... they should give programmers a little more control
0
 
jkr Commented:
Actually, even under UN*X there is no way to prevent the killing of a process...
0
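Added example, not part of the thread: a POSIX C sketch of the UN*X remark above, showing that a process can catch the polite request (SIGTERM) and clean up, but cannot register a handler for SIGKILL, which is why cleanup that must not be skipped cannot rely on the process being unkillable. The names `try_catch` and `end_child_with` and the exit code 42 are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Graceful path: a real program would release its resources here. */
static void on_term(int sig) { (void)sig; _exit(42); }

/* Try to install a handler for sig; returns 0 on success, errno on failure. */
int try_catch(int sig) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_term;
    sigemptyset(&sa.sa_mask);
    return sigaction(sig, &sa, NULL) == 0 ? 0 : errno;
}

/* Fork a child that handles SIGTERM, send it sig, and report how it ended:
 * its exit code if it exited, -signo if a signal killed it, -1000 on error. */
int end_child_with(int sig) {
    int ready[2], status;
    char c = 0;
    if (pipe(ready) != 0) return -1000;
    pid_t pid = fork();
    if (pid < 0) return -1000;
    if (pid == 0) {
        try_catch(SIGTERM);
        if (write(ready[1], "r", 1) != 1) _exit(1); /* handler is installed */
        for (;;) pause();
    }
    if (read(ready[0], &c, 1) != 1) c = 0;          /* wait for the child */
    close(ready[0]); close(ready[1]);
    kill(pid, sig);
    if (waitpid(pid, &status, 0) != pid) return -1000;
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    if (WIFSIGNALED(status)) return -WTERMSIG(status);
    return -1000;
}

int main(void) {
    printf("handler for SIGKILL: %s\n", strerror(try_catch(SIGKILL)));
    printf("child after SIGTERM: %d\n", end_child_with(SIGTERM));
    printf("child after SIGKILL: %d\n", end_child_with(SIGKILL));
    return 0;
}
```

The parent learns of the forced kill only from `waitpid`, so any cleanup that has to survive it belongs in the parent or another surviving process, not in the process being killed.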
 
Lescha Commented:
You might attempt to circumvent it by catching "OnDestroy" and running your app again.
(Even if you have no window, there should still be a way of catching its end...)
0
 
jkr Commented:
>>I've once seen a tool which could inject an additional thread into a process

You mean http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/terminating_a_process.asp ("Terminating a Process")?

>>You might attempt to circumvent it by catching "OnDestroy"

Won't help against "TerminateProcess()"
0
 
jkr Commented:
Oh, here's more on the task manager thing: http://www.microsoft.com/msj/0398/win320398.aspx ("Win32 Q&A Mar98")
0
 
suma_ds Commented:
what about having 2 separate programs.

when one is about to be terminated, it somehow notifies the other, which loads the first one up again. if this worked vice-versa, then in theory it would be impossible to stop both of the processes running?
0
 
jj819430 Commented:
Are you writing Spyware or something that you want to do this for? Be careful if you try and Imitate accounts, that is ABSOLUTELY ILLEGAL if it gets privilege beyond the intention of the owners of the computers.
But if you wanted to make a program not be able to be killed then there are some options. One is to infest a process that will be running. Or to infest every process running. More effectively initiate 3 or 4 processes that simply check for each other and the process that you want to keep alive. Then if that one has been killed you restart it (Same with the other monitoring processes). Again be very careful in developing these sorts of products because it can get you into a lot of legal trouble or far worse, you could tick off the wrong programmer who knows far more than you do.
0
 
cc16 (Author) Commented:
nah man i aint trying to make spyware... just trying to make an app that cannot be killed.

ok well this seems a good approach, but it would waste processing power to continuously check on the other programs... i think it would be better to have the process notify the others if it is about to be ended.

is this possible? (i.e. is there some WM_ message or something that says u r about to be ended?)
0
 
jkr Commented:
>>   PAQ with points refunded

Um, why? IMHO "You can't" is a valid answer.
0
 
jkr Commented:
Um, I thought I was pretty clear about why that won't work...
0
