?
Solved

Protect An Application From Being Killed With Task Manager (Delphi)

Posted on 2012-09-09
6
Medium Priority
?
2,481 Views
Last Modified: 2012-09-24
Hello

I'm writing a security application and i need it to prevent killing from task manager...

Example : as AV working when you try to kill it with task manager you get an access denied...

Any way i'm using :
CodeGear RAD Studio Delphi 2009 v12
Windows 7 - 32 Bit

And I'm trying to figure out this "base code"... it should do the stuff but i am having troubles to compile it and I'm stuck.

Please let me know thanks a lot ! ...

i have trouble under "ea.Trustee.ptstrName"

function SetPermissions(pid : integer) : cardinal;
var
  hpWriteDAC : THandle;
  pdacl : PACL;
  ea : EXPLICIT_ACCESS;
  dwErr : DWORD;
  users : string;
begin
  hpWriteDAC := OpenProcess(WRITE_DAC, false, pid);
 
  // word
  users := 'Tout le monde';
  ea.grfAccessPermissions := PROCESS_TERMINATE;
  ea.grfAccessMode := DENY_ACCESS;
  ea.grfInheritance := NO_INHERITANCE;
  ea.Trustee.pMultipleTrustee := nil;
  ea.Trustee.MultipleTrusteeOperation := NO_MULTIPLE_TRUSTEE;
  ea.Trustee.TrusteeForm := TRUSTEE_IS_NAME;
  ea.Trustee.TrusteeType := TRUSTEE_IS_WELL_KNOWN_GROUP;
 // ea.Trustee.ptstrName := PWideChar(@users[1]);
 ea.Trustee.ptstrName := PChar(@users[1]);
  pdacl := nil;
  dwErr := SetEntriesInAcl(1, @ea, nil, pdacl);
  if dwErr<>0
  then RaiseLastOSError;
 
  dwErr := SetSecurityInfo(hpWriteDAC, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
    nil, nil,pdacl, nil);
  if dwErr<>0
  then RaiseLastOSError;
 
  LocalFree(THAndle(pdacl));
  CloseHandle(hpWriteDAC);
end;

Open in new window



There second code below compile but do nothing. it does not prevent from killing.

procedure SetPermissions( hSection:THANDLE) ;
label CleanUp;
var
pDacl,pNewDacl: PACL ;
pSD: PPSECURITY_DESCRIPTOR ;
dwRes : DWORD;
ea:EXPLICIT_ACCESS;
pid:integer;
users : String;
begin
pDacl:=nil;
pNewDacl :=nil;
pSD:=nil;
dwRes:=GetSecurityInfo(hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,
nil,nil,pDacl,nil,pSD);
 
if(dwRes<>ERROR_SUCCESS) then
begin
goto CleanUp;
end;
  users := 'All users';// everyOne ,.....
 hSection := OpenProcess(WRITE_DAC, false, pid);
  ea.grfAccessPermissions := PROCESS_TERMINATE;
  ea.grfAccessMode := DENY_ACCESS;
  ea.grfInheritance := NO_INHERITANCE;
  ea.Trustee.pMultipleTrustee := nil;
  ea.Trustee.MultipleTrusteeOperation := NO_MULTIPLE_TRUSTEE;
  ea.Trustee.TrusteeForm := TRUSTEE_IS_NAME;
  ea.Trustee.TrusteeType := TRUSTEE_IS_WELL_KNOWN_GROUP;
  //ea.Trustee.ptstrName := PChar(@users[1]);
  ea.Trustee.ptstrName :='Tout le monde';
 // pdacl := nil;
 
dwRes:=SetEntriesInAcl(1,@ea,pDacl,pNewDacl) ;
if(dwRes<> ERROR_SUCCESS) then
begin
goto CleanUp;
end;
dwRes:=SetSecurityInfo(hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION, nil,nil,pNewDacl,nil);
 
if(dwRes<>ERROR_SUCCESS) then
begin
goto CleanUp;
end;
 
CleanUp:
 
if(pSD<>nil) then
LocalFree(Ulong(pSD));
if(pNewDacl<>nil) then
LocalFree(Ulong(pNewDacl));
end;
 
----------------------------------------------
 
procedure TForm1.FormCreate(Sender: TObject);
begin
SetPermissions(GetCurrentProcessId);
end;

Open in new window



------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------
uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, CommCtrl, ExtCtrls, StdCtrls, AclAPI, AccCtrl, Tlhelp32, ShellAPI, PSAPI;

  private
    { Private declarations }
  function SetPermissions(pid : integer) : cardinal;

Open in new window

0
Comment
Question by:intika
6 Comments
 
LVL 38

Expert Comment

by:Geert Gruwez
ID: 38382004
writing a virus and writing an anti-virus have a lot of similar "Pre-requisites"
this is one of them

code alone won't do it

run your program as a service
>>from delphi, create a service application
http://www.tolderlund.eu/delphi/service/service.htm
http://www.techrepublic.com/article/creating-nt-services-in-delphi/1050538

in principal a service is run at startup by the system account
you can set priviliges for other users when creating the service
like if they stop or start the service
the jedi security library may possible help you on the way here:
http://blog.delphi-jedi.net/security-library/

of course you'll have to become a genius in multi threaded delphi programming
read here :
http://sklobovsky.nstemp.com/community/threadmare/threadmare.htm
0
 
LVL 38

Expert Comment

by:Geert Gruwez
ID: 38382008
oh, btw,
you can't deny yourself permission to kill the app
you always need a second user to do this
0
 
LVL 9

Accepted Solution

by:
ITugay earned 1500 total points
ID: 38397623
Possible use API hooking to prevent process termination. Not an easy way. And there is difference between 32 and 64 bit Windows versions. If you ready to go, then use "prevent process termination HookAPI" as keywords.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 28

Expert Comment

by:Sinisa Vuk
ID: 38421094
My vote goes to api hooking too. Main problem is to hook TerminateProcess api function. This can be done with Madshi code hook:
http://madshi.net/madCodeHookDescription.htm

...or try google with ITugays keywords :-)
0
 

Author Comment

by:intika
ID: 38428045
Thanks gays it really helped me

@sinisav : sorry dude i would accept your answer part of multiple answer but as i clicked too quickly and as it's my first use of the side i did not check that your answer was checked :( really sorry... is there a way to go back ?
0
 
LVL 9

Expert Comment

by:ITugay
ID: 38428345
I can send my half to sinisav:) Few years ago it was normal, not sure for now.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question