Solved

DISABLE  END PROCESS IN TASKMGR

Posted on 2004-03-20
23
1,003 Views
Last Modified: 2012-08-14
Hi.

Is there a way to prevent a user ending a program by clicking end-process in the windows taskmgr (i have already provided protection against end-task, but this is useless without protection against end-process)

i have seen certain applications do this, for example,

>> if u try to end-process on services.exe, it says that it is a critical process and cannot be ended.
>> when i was trying to remove some spyware from my machiene, i tried to end-process on it and it said access denied.

btw, i will be using this information only for legit purposes. my application cannot be terminated because it contains windows hooks - if i do not unhook before closing, it will slow up the OS and i cannot afford this to happen.

Thanks in advance
0
Comment
Question by:cc16
  • 9
  • 4
  • 2
  • +3
23 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 205 total points
ID: 10641899
>>Is there a way to prevent a user ending a program by clicking end-process in the windows
>>taskmgr

Actually, no.

>> if u try to end-process on services.exe, it says that it is a critical process and cannot be >>ended.

That is because of the access rights to that process. And even that one can be ended by enablig the appropriate privilege...
0
 

Author Comment

by:cc16
ID: 10641946
so is there a way i can get the same result for my program?
0
 
LVL 86

Expert Comment

by:jkr
ID: 10642001
Only if you have it impersonate a privileged account. And then still every administrator can kill it by enabling that very privilege - see e.g. http://support.microsoft.com/default.aspx?scid=kb;en-us;131065 ("HOWTO: How to Obtain a Handle to Any Process with SeDebugPrivilege")
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 

Author Comment

by:cc16
ID: 10642097
so all i have to do is:

BOOL SetPrivilege(
    HANDLE hToken,          // assign my HINSTANCE to this?
    LPCTSTR Privilege,      // what should i put here??
    BOOL bEnablePrivilege   // TRUE to enable whatever in the above string?
    );




0
 
LVL 86

Expert Comment

by:jkr
ID: 10642111
No, that's a misconception - the article shows how easily you can kill a 'protected' program. You'd need to do a *lot* more, including the assignment of impersonation privileges and elevating process rights. I only posted that to show how futile such an effort is.
0
 
LVL 1

Expert Comment

by:suma_ds
ID: 10642138
yes but they can only kill it programmatically. so for ppl who dont know how to program there is no possible way (i hope)
0
 
LVL 86

Expert Comment

by:jkr
ID: 10642147
>>so for ppl who dont know how to program there is no possible way (i hope)

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml as well as a lot of other tool out there can do it.
0
 
LVL 12

Expert Comment

by:stefan73
ID: 10642189
jkr,

I've once seen a tool which could inject an additional thread into a process which would then call exit(). Do you remember the URL perhaps? It had some 7 different ways to kill a process.

Stefan
0
 

Author Comment

by:cc16
ID: 10642205
goddamit i cant belive how much windows sucks... they should give programmers a little more control
0
 
LVL 86

Expert Comment

by:jkr
ID: 10642259
Actually, even under UN*X there is no way to prevent the killing of a process...
0
 
LVL 1

Expert Comment

by:Lescha
ID: 10644324
You might attempt to circumvent it by catching "OnDestroy" and running your app again.
(Even if you have no window, there should still be a way of catching its end...)
0
 
LVL 86

Expert Comment

by:jkr
ID: 10644350
>>I've once seen a tool which could inject an additional thread into a process

You mean http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/terminating_a_process.asp ("Terminating a Process")?

>>You might attempt to circumvent it by catching "OnDestroy"

Won't help against "TerminateProcess()"
0
 
LVL 86

Expert Comment

by:jkr
ID: 10644355
Oh, here's more on the task manger thing: http://www.microsoft.com/msj/0398/win320398.aspx ("Win32 Q&A Mar98")
0
 
LVL 1

Expert Comment

by:suma_ds
ID: 10646940
what about having 2 seperate programs.

when one is about to be terminated, it somehow notifies the other, which loads the first one up again. if this worked vice-versa, then in theory it would be impossible to stop both of the processes running?
0
 
LVL 7

Expert Comment

by:jj819430
ID: 10650850
Are you writing Spyware or something that you want to do this for? Be careful if you try and Imitate accounts, that is ABSOLUTELY ILLEGAL if it gets privilege beyond the intention of the owners of the computers.
But if you wanted to make a program not be able to be killed then there are some options. One is to infest a process that will be running. Or to infest every process running. More effectively initiate 3 or 4 processes that simply check for each other and the process that you want to keep alive. Then if that one has been killed you restart it (Same with the other monitoring processes). Again be very careful in developing these sorts of products because it can get you into a lot of legal trouble or far worse, you could tick off the wrong programmer who knows far more than you do.
0
 

Author Comment

by:cc16
ID: 10665014
nah man i aint trying to make spyware... just trying to make an app that cannot be killed.

ok well this seems a good approach, but it would waste processing power to continously check on the other programs... i think it would be better to have the process notify the others if it is about to be ended.

is this possible? (i.e. is there some WM_ message or something that says u r about to be ended?)
0
 
LVL 86

Expert Comment

by:jkr
ID: 10982943
>>   PAQ with points refunded

Um, why? IMHO "You can't" is a valid answer.
0
 
LVL 86

Expert Comment

by:jkr
ID: 10983035
Um, I thought I was pretty clear about why that won't work...
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: SunnyDark
This article's goal is to present you with an easy to use XML wrapper for C++ and also present some interesting techniques that you might use with MS C++. The reason I built this class is to ease the pain of using XML files with C++, since there is…
Introduction This article is the first in a series of articles about the C/C++ Visual Studio Express debugger.  It provides a quick start guide in using the debugger. Part 2 focuses on additional topics in breakpoints.  Lastly, Part 3 focuses on th…
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question