Solved

DISABLE END PROCESS IN TASKMGR

Posted on 2004-03-20
Last Modified: 2012-08-14
Hi.

Is there a way to prevent a user ending a program by clicking end-process in the windows taskmgr (i have already provided protection against end-task, but this is useless without protection against end-process)

i have seen certain applications do this, for example,

>> if u try to end-process on services.exe, it says that it is a critical process and cannot be ended.
>> when i was trying to remove some spyware from my machine, i tried to end-process on it and it said access denied.

btw, i will be using this information only for legit purposes. my application cannot be terminated because it contains windows hooks - if i do not unhook before closing, it will slow up the OS and i cannot afford this to happen.

Thanks in advance
0
Question by:cc16
23 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 205 total points
ID: 10641899
>>Is there a way to prevent a user ending a program by clicking end-process in the windows
>>taskmgr

Actually, no.

>> if u try to end-process on services.exe, it says that it is a critical process and cannot be ended.

That is because of the access rights to that process. And even that one can be ended by enabling the appropriate privilege...
0
 

Author Comment

by:cc16
ID: 10641946
so is there a way i can get the same result for my program?
0
 
LVL 86

Expert Comment

by:jkr
ID: 10642001
Only if you have it impersonate a privileged account. And then still every administrator can kill it by enabling that very privilege - see e.g. http://support.microsoft.com/default.aspx?scid=kb;en-us;131065 ("HOWTO: How to Obtain a Handle to Any Process with SeDebugPrivilege")
0
 

Author Comment

by:cc16
ID: 10642097
so all i have to do is:

BOOL SetPrivilege(
    HANDLE hToken,          // assign my HINSTANCE to this?
    LPCTSTR Privilege,      // what should i put here??
    BOOL bEnablePrivilege   // TRUE to enable whatever in the above string?
    );




0
 
LVL 86

Expert Comment

by:jkr
ID: 10642111
No, that's a misconception - the article shows how easily you can kill a 'protected' program. You'd need to do a *lot* more, including the assignment of impersonation privileges and elevating process rights. I only posted that to show how futile such an effort is.
0
 
LVL 1

Expert Comment

by:suma_ds
ID: 10642138
yes but they can only kill it programmatically. so for ppl who dont know how to program there is no possible way (i hope)
0
 
LVL 86

Expert Comment

by:jkr
ID: 10642147
>>so for ppl who dont know how to program there is no possible way (i hope)

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml as well as a lot of other tools out there can do it.
0
 
LVL 12

Expert Comment

by:stefan73
ID: 10642189
jkr,

I've once seen a tool which could inject an additional thread into a process which would then call exit(). Do you remember the URL perhaps? It had some 7 different ways to kill a process.

Stefan
0
 

Author Comment

by:cc16
ID: 10642205
goddamit i can't believe how much windows sucks... they should give programmers a little more control
0
 
LVL 86

Expert Comment

by:jkr
ID: 10642259
Actually, even under UN*X there is no way to prevent the killing of a process...
0
 
LVL 1

Expert Comment

by:Lescha
ID: 10644324
You might attempt to circumvent it by catching "OnDestroy" and running your app again.
(Even if you have no window, there should still be a way of catching its end...)
0
 
LVL 86

Expert Comment

by:jkr
ID: 10644350
>>I've once seen a tool which could inject an additional thread into a process

You mean http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/terminating_a_process.asp ("Terminating a Process")?

>>You might attempt to circumvent it by catching "OnDestroy"

Won't help against "TerminateProcess()"
0
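The split jkr describes in this thread (a close request can be handled, TerminateProcess() cannot, and UN*X is no different) can be checked directly on the POSIX side. The C program below is an added example, not code from any poster, and its function names are made up for the illustration: a SIGTERM handler gets to run cleanup, while the kernel refuses a handler for SIGKILL and the process dies with its cleanup skipped.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
static int cleanup_fd = -1;   /* pipe end the child uses to report that cleanup ran */

/* Handler for the polite request: do the "cleanup", then exit. */
static void on_term(int sig) {
    (void)sig;
    _exit(write(cleanup_fd, "C", 1) == 1 ? 0 : 1);   /* write() is async-signal-safe */
}

/* 1 if the kernel accepts a handler for sig, 0 if it refuses (SIGKILL gives EINVAL). */
int can_catch(int sig) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_term;
    sigemptyset(&sa.sa_mask);
    return sigaction(sig, &sa, NULL) == 0;
}

/* Fork a child that registers cleanup, send it sig: 1 = cleanup ran, 0 = it did not. */
int cleanup_ran_after(int sig) {
    int done[2], ready[2]; char c;
    if (pipe(done) != 0 || pipe(ready) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                              /* child: the "protected" program */
        close(done[0]); close(ready[0]);
        cleanup_fd = done[1];
        can_catch(SIGTERM); can_catch(SIGKILL);  /* the second call is refused */
        if (write(ready[1], "R", 1) != 1) _exit(2);
        for (;;) pause();
    }
    close(done[1]); close(ready[1]);
    if (read(ready[0], &c, 1) != 1) return -1;   /* wait until handlers are set up */
    kill(pid, sig);
    waitpid(pid, NULL, 0);
    int ran = (read(done[0], &c, 1) == 1);       /* EOF: the child never cleaned up */
    close(done[0]); close(ready[0]);
    return ran;
}

int main(void) {
    printf("handler accepted: TERM=%d KILL=%d\n", can_catch(SIGTERM), can_catch(SIGKILL));
    printf("cleanup ran after: TERM=%d KILL=%d\n", cleanup_ran_after(SIGTERM), cleanup_ran_after(SIGKILL));
    return 0;
}
```

The same split applies to the Windows case discussed here: a handler can react to a close request, but nothing in the process runs when it is terminated outright.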
 
LVL 86

Expert Comment

by:jkr
ID: 10644355
Oh, here's more on the task manager thing: http://www.microsoft.com/msj/0398/win320398.aspx ("Win32 Q&A Mar98")
0
 
LVL 1

Expert Comment

by:suma_ds
ID: 10646940
what about having 2 separate programs.

when one is about to be terminated, it somehow notifies the other, which loads the first one up again. if this worked vice-versa, then in theory it would be impossible to stop both of the processes running?
0
 
LVL 7

Expert Comment

by:jj819430
ID: 10650850
Are you writing Spyware or something that you want to do this for? Be careful if you try and Imitate accounts, that is ABSOLUTELY ILLEGAL if it gets privilege beyond the intention of the owners of the computers.
But if you wanted to make a program not be able to be killed then there are some options. One is to infest a process that will be running. Or to infest every process running. More effectively initiate 3 or 4 processes that simply check for each other and the process that you want to keep alive. Then if that one has been killed you restart it (Same with the other monitoring processes). Again be very careful in developing these sorts of products because it can get you into a lot of legal trouble or far worse, you could tick off the wrong programmer who knows far more than you do.
0
 

Author Comment

by:cc16
ID: 10665014
nah man i aint trying to make spyware... just trying to make an app that cannot be killed.

ok well this seems a good approach, but it would waste processing power to continuously check on the other programs... i think it would be better to have the process notify the others if it is about to be ended.

is this possible? (i.e. is there some WM_ message or something that says u r about to be ended?)
0
 
LVL 86

Expert Comment

by:jkr
ID: 10982943
>>   PAQ with points refunded

Um, why? IMHO "You can't" is a valid answer.
0
 
LVL 86

Expert Comment

by:jkr
ID: 10983035
Um, I thought I was pretty clear about why that won't work...
0
