• Status: Solved

How to prevent my children from closing my program

I have developed a program to check how long my children are active on the computer. But they kill the program with the Task Manager.
Is there a way to prevent this? Perhaps my program could adjust its token privileges or ACL? (SetPrivilege OpenProcessToken AdjustTokenPrivileges). The solution should work with Windows XP.

Kann
0
4 Solutions
 
CodedK Commented:
Hi.

http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_20427838.html
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
in the *.dpr file

var HandleMutex: THandle; // this line (needs Windows in the uses clause)

begin
  { These two lines are only there to prevent multiple instances;
    they are not needed for your question... }
  HandleMutex := CreateMutex(nil, False, 'my_troj_now');
  if GetLastError = ERROR_ALREADY_EXISTS then Exit;

  Application.Initialize;
  Application.Title := '';  // important
  Application.ShowMainForm := False;  // important
  Application.CreateForm(TForm1, Form1);
  Application.Run;
end.

then you need to declare this type:

type TRegisterService = function(dwProcessId, dwType: DWORD): Integer; stdcall;

and the last step is to do this in Form1.Create:

procedure TForm1.FormCreate(Sender: TObject);
var RegisterServiceProcess: TRegisterService;
    dllHandle: THandle;
begin
  // Resolve the export at run time; GetProcAddress returns nil if KERNEL32 does not export it
  dllHandle := LoadLibrary('KERNEL32.DLL');
  @RegisterServiceProcess := GetProcAddress(dllHandle, 'RegisterServiceProcess');
  if @RegisterServiceProcess <> nil then RegisterServiceProcess(GetCurrentProcessID, 1);
end;

~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-

Or completely disable Task Manager :
http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_21145812.html
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Or:
http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_10054416.html
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Hope this helps.
0
 
aikimark Commented:
1. make your program run as a service
2. assign your kid's user rights = USER (no privileges)
0
 
A. Cristian Csiki, Senior System Administrator, Commented:
Or just rename your project csrss.exe... it can't be killed if your application has that name.
0
 
Kann (Author) Commented:
Hello,

thanks for your comments.
The RegisterServiceProcess function works in Win9x only - not in WinXP.

> 1. make your program run as a service
> 2. assign your kid's user rights = USER (no privileges)

This is correct, but I do not want to develop a service. Is it not possible to withdraw privileges for my process, so that the user does not have the rights to kill my process? (See API functions SetPrivilege, OpenProcessToken, AdjustTokenPrivileges, or ACL.)

Kann
0
 
A. Cristian Csiki, Senior System Administrator, Commented:
Kann... try my tip:
rename your application from "exemple.exe" to "csrss.exe" and it can't be killed.
0
 
aikimark Commented:
Install it as a service. Alternatively, you might just install some monitoring program that restarts your program if it ever ends (or invokes an administrator-password protected screen saver to prevent further PC use). For that matter, your service could invoke system shutdown.
0
 
anorganix Commented:
Hi!
The alternatives shown above are quite useful, but I recommend hooking the process termination API using madCodeHook.

Windows 9x/ME uses the API "TerminateProcess" from "kernel32.dll" and Windows 2k/XP and above use the API "NtTerminateProcess" from "ntdll.dll".

There is a full example in "%madInstallFolder%\madCodeHook\Demos\system wide\HookProcessTermination".

Get madCollection from http://www.madshi.net
Cheers!

:: Cosmin
0
 
anorganix Commented:
If you want, please let me know and I can make you a quick sample...
Just tell me the name of your exe...

:: Cosmin
0
 
A. Cristian Csiki, Senior System Administrator, Commented:
Hi Kann,
did you solve your problem?
0
 
Kann (Author) Commented:
> rename your application from "exemple.exe" to "csrss.exe" and can't be killed.

nodramas, I don't want to use such a spyware/virus solution - this confuses some antispyware programs.
anorganix, my children don't have an administrator account - so your solution doesn't work.

I'm sure there is a good and clear solution based on adjusting the token privileges or ACL? (SetPrivilege OpenProcessToken AdjustTokenPrivileges). I don't want to use dirty tricks.

Kann
0
 
aikimark Commented:
run as a service
0
 
Wim ten Brink Commented:
Everyone is providing the correct solution here: run as a service!

But I want to add the following: combine the service with a normal application. The service should be running as a system account which your kids can't disable. The application would just be running, keeping track of the amount of time and regularly feeding information to the service. Now, if the service doesn't receive these 'Alive' messages from the application, it too could take appropriate actions. It could just restart the application or even close the computer.

About using the security mechanism of Windows, I have to disappoint you on that level. Even though you can set certain privileges to the process, the process is started by the current user and this user is your kid. Thus, the user will always have the right to terminate the process again. You should therefore have the process started under a different account (Run as ...) which would prevent your kids from most techniques to terminate it.

Yet I know that if you can't close an application, you can always try to make it crash instead, which also tends to close it. For example, I once worked at a place where every afternoon a backup would be started. Unfortunately, sometimes it started at the wrong moment so I had to kill it. Since it was running under a system account, I could not terminate it the normal way. So I used the task manager to debug the process instead. Then, from the debugger, I terminated the process and voila, no backup that day. :-)
Nothing worse than the system making a backup when you're starting a database import of 500.000 records on the same system...

Keep in mind that children are just little hackers, btw. No matter what you can find to limit them, they will find a way to bypass your security. There's no programmable substitute for a real parent.
0
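
The service-plus-application design from the answer above, as an added example (not code from any poster in this thread): the service side records each 'Alive' message and decides whether to restart the application or shut the computer down. The type and method names, the 10-second timeout, the two-restart limit and the escalation rule are assumptions, and the timeline is constructed; time is passed in as plain seconds so the logic runs as a console program without a service host.

```delphi
program HeartbeatSupervisor;
{$APPTYPE CONSOLE}
type
  TAction = (actNone, actRestartApp, actShutdown);
  // Service-side bookkeeping for the monitored application (hypothetical names).
  TSupervisor = class
  private
    FTimeout, FLastAlive, FRestarts, FMaxRestarts: Integer;
  public
    constructor Create(ATime, ATimeout, AMaxRestarts: Integer);
    procedure Alive(ATime: Integer);         // called for each 'Alive' message
    function Check(ATime: Integer): TAction; // called from the service's timer
  end;
constructor TSupervisor.Create(ATime, ATimeout, AMaxRestarts: Integer);
begin
  inherited Create;
  FTimeout := ATimeout;
  FMaxRestarts := AMaxRestarts;
  FLastAlive := ATime;
  FRestarts := 0;
end;
procedure TSupervisor.Alive(ATime: Integer);
begin
  FLastAlive := ATime;
end;
function TSupervisor.Check(ATime: Integer): TAction;
begin
  Result := actNone;
  if ATime - FLastAlive <= FTimeout then Exit;  // heartbeat is still fresh
  if FRestarts < FMaxRestarts then
  begin
    Inc(FRestarts);
    FLastAlive := ATime;  // give the relaunched application a full window
    Result := actRestartApp;
  end
  else
    Result := actShutdown;  // repeated kills: escalate (assumed policy)
end;
const
  ActionName: array[TAction] of string = ('none', 'restart application', 'shut down');
  // Constructed timeline: positive = 'Alive' at that second, negative = timer check
  Timeline: array[0..7] of Integer = (5, 10, -15, -25, 30, 35, -50, -65);
var
  S: TSupervisor;
  I: Integer;
begin
  S := TSupervisor.Create(0, 10, 2);
  for I := Low(Timeline) to High(Timeline) do
    if Timeline[I] > 0 then S.Alive(Timeline[I])
    else WriteLn('t=', -Timeline[I], 's: ', ActionName[S.Check(-Timeline[I])]);
  S.Free;
end.
```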
