Protect An Application From Being Killed With Task Manager (Delphi)

Hello

I'm writing a security application and I need it to prevent being killed from Task Manager...

Example: like an AV, when you try to kill it with Task Manager you get an access denied...

Anyway, I'm using:
CodeGear RAD Studio Delphi 2009 v12
Windows 7 - 32 Bit

And I'm trying to figure out this "base code"... it should do the job, but I am having trouble compiling it and I'm stuck.

Please let me know, thanks a lot! ...

I have trouble with "ea.Trustee.ptstrName"

function SetPermissions(pid : integer) : cardinal;
var
  hpWriteDAC : THandle;
  pdacl : PACL;
  ea : EXPLICIT_ACCESS;
  dwErr : DWORD;
  EveryoneSid : PSID;
begin
  // WRITE_DAC is all that replacing the DACL of the target process needs
  hpWriteDAC := OpenProcess(WRITE_DAC, False, pid);
  if hpWriteDAC = 0 then
    RaiseLastOSError;
  EveryoneSid := nil;
  pdacl := nil;
  try
    // Use the well-known SID S-1-1-0 ("Everyone", "Tout le monde" on a French
    // Windows) instead of a localized account name. This also removes the
    // original compile error: PChar is PWideChar in Delphi 2009 and does not
    // match the character type of ptstrName in AccCtrl; PSID is a plain Pointer.
    if not AllocateAndInitializeSid(SECURITY_WORLD_SID_AUTHORITY, 1,
         SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, EveryoneSid) then
      RaiseLastOSError;

    FillChar(ea, SizeOf(ea), 0);
    ea.grfAccessPermissions := PROCESS_TERMINATE;
    ea.grfAccessMode := DENY_ACCESS;
    ea.grfInheritance := NO_INHERITANCE;
    ea.Trustee.pMultipleTrustee := nil;
    ea.Trustee.MultipleTrusteeOperation := NO_MULTIPLE_TRUSTEE;
    ea.Trustee.TrusteeForm := TRUSTEE_IS_SID;
    ea.Trustee.TrusteeType := TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea.Trustee.ptstrName := EveryoneSid;

    // Passing nil as the old ACL builds a DACL holding only this deny ACE, so
    // no other right is granted either (the owner keeps READ_CONTROL/WRITE_DAC)
    dwErr := SetEntriesInAcl(1, @ea, nil, pdacl);
    if dwErr <> ERROR_SUCCESS then
      // SetEntriesInAcl returns the error code; it does not set GetLastError
      raise EOSError.Create(SysErrorMessage(dwErr));

    dwErr := SetSecurityInfo(hpWriteDAC, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
      nil, nil, pdacl, nil);
    if dwErr <> ERROR_SUCCESS then
      raise EOSError.Create(SysErrorMessage(dwErr));

    Result := ERROR_SUCCESS;
  finally
    if pdacl <> nil then
      LocalFree(HLOCAL(pdacl));
    if EveryoneSid <> nil then
      FreeSid(EveryoneSid);
    CloseHandle(hpWriteDAC);
  end;
end;



The second code below compiles but does nothing; it does not prevent killing.

procedure SetPermissions(pid: DWORD);
var
  hProcess: THandle;
  pDacl, pNewDacl: PACL;
  pSD: PSECURITY_DESCRIPTOR;
  dwRes: DWORD;
  ea: EXPLICIT_ACCESS;
  EveryoneSid: PSID;
begin
  pDacl := nil;
  pNewDacl := nil;
  pSD := nil;
  EveryoneSid := nil;
  // The original passed the process id straight to GetSecurityInfo, which
  // expects a handle, and opened the process with an uninitialized pid.
  // Open it once with the rights both calls need.
  hProcess := OpenProcess(READ_CONTROL or WRITE_DAC, False, pid);
  if hProcess = 0 then
    RaiseLastOSError;
  try
    // Read the current DACL so the deny ACE is merged in instead of replacing it
    dwRes := GetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
      nil, nil, @pDacl, nil, pSD);
    if dwRes <> ERROR_SUCCESS then
      raise EOSError.Create(SysErrorMessage(dwRes));

    // Well-known SID S-1-1-0 ("Everyone", "Tout le monde"), locale independent
    if not AllocateAndInitializeSid(SECURITY_WORLD_SID_AUTHORITY, 1,
         SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, EveryoneSid) then
      RaiseLastOSError;

    FillChar(ea, SizeOf(ea), 0);
    ea.grfAccessPermissions := PROCESS_TERMINATE;
    ea.grfAccessMode := DENY_ACCESS;
    ea.grfInheritance := NO_INHERITANCE;
    ea.Trustee.pMultipleTrustee := nil;
    ea.Trustee.MultipleTrusteeOperation := NO_MULTIPLE_TRUSTEE;
    ea.Trustee.TrusteeForm := TRUSTEE_IS_SID;
    ea.Trustee.TrusteeType := TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea.Trustee.ptstrName := EveryoneSid;

    // SetEntriesInAcl orders deny ACEs first, so the existing allow ACEs in
    // pDacl keep working for every right other than PROCESS_TERMINATE
    dwRes := SetEntriesInAcl(1, @ea, pDacl, pNewDacl);
    if dwRes <> ERROR_SUCCESS then
      raise EOSError.Create(SysErrorMessage(dwRes));

    dwRes := SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
      nil, nil, pNewDacl, nil);
    if dwRes <> ERROR_SUCCESS then
      raise EOSError.Create(SysErrorMessage(dwRes));
  finally
    // pDacl points inside pSD, so only the descriptor and the new ACL are freed
    if pSD <> nil then
      LocalFree(HLOCAL(pSD));
    if pNewDacl <> nil then
      LocalFree(HLOCAL(pNewDacl));
    if EveryoneSid <> nil then
      FreeSid(EveryoneSid);
    CloseHandle(hProcess);
  end;
end;
 
----------------------------------------------
 
procedure TForm1.FormCreate(Sender: TObject);
begin
  SetPermissions(GetCurrentProcessId);
end;



uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, CommCtrl, ExtCtrls, StdCtrls, AclAPI, AccCtrl, Tlhelp32, ShellAPI, PSAPI;

  private
    { Private declarations }
  function SetPermissions(pid : integer) : cardinal;


intika asked:
 
ITugay commented:
Possibly use API hooking to prevent process termination. Not an easy way. And there is a difference between 32- and 64-bit Windows versions. If you are ready to go, then use "prevent process termination HookAPI" as keywords.
 
Geert G (Oracle dba) commented:
writing a virus and writing an anti-virus have a lot of similar "pre-requisites"
this is one of them

code alone won't do it

run your program as a service
>>from delphi, create a service application
http://www.tolderlund.eu/delphi/service/service.htm
http://www.techrepublic.com/article/creating-nt-services-in-delphi/1050538

in principle a service is run at startup by the system account
you can set privileges for other users when creating the service
like if they stop or start the service
the jedi security library may possibly help you on the way here:
http://blog.delphi-jedi.net/security-library/

of course you'll have to become a genius in multi-threaded delphi programming
read here:
http://sklobovsky.nstemp.com/community/threadmare/threadmare.htm
 
Geert G (Oracle dba) commented:
oh, btw,
you can't deny yourself permission to kill the app
you always need a second user to do this
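As an added example (not code from the thread), a Delphi check that reads a process DACL and reports whether an ACCESS_DENIED ACE for Everyone covers PROCESS_TERMINATE, which is how to verify that the deny ACE from the question actually landed; it also shows why the remark above holds, since READ_CONTROL and WRITE_DAC stay with the owner and a process running as the same user can read and rewrite the DACL. The function name is hypothetical, and it assumes the same Windows, SysUtils, AclAPI and AccCtrl units as the question's code and the usual Delphi calling pattern for GetSecurityInfo (@pDacl, var pSD).

```delphi
uses
  Windows, SysUtils, AclAPI, AccCtrl;

// Hypothetical helper: True if the process DACL holds an ACCESS_DENIED ACE for
// the Everyone SID (S-1-1-0) whose mask includes PROCESS_TERMINATE.
function IsTerminateDeniedToEveryone(pid: DWORD): Boolean;
var
  hProcess: THandle;
  pDacl: PACL;
  pSD: PSECURITY_DESCRIPTOR;
  EveryoneSid: PSID;
  pAce: Pointer;
  dwRes: DWORD;
  i: Integer;
begin
  Result := False;
  pDacl := nil; pSD := nil; EveryoneSid := nil;
  // READ_CONTROL is all that reading the security descriptor needs
  hProcess := OpenProcess(READ_CONTROL, False, pid);
  if hProcess = 0 then
    RaiseLastOSError;
  try
    dwRes := GetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
      nil, nil, @pDacl, nil, pSD);
    if dwRes <> ERROR_SUCCESS then
      raise EOSError.Create(SysErrorMessage(dwRes));
    if pDacl = nil then
      Exit; // a NULL DACL grants everyone full access, so nothing is denied
    if not AllocateAndInitializeSid(SECURITY_WORLD_SID_AUTHORITY, 1,
         SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, EveryoneSid) then
      RaiseLastOSError;
    for i := 0 to pDacl^.AceCount - 1 do
    begin
      if not GetAce(pDacl^, i, pAce) then
        RaiseLastOSError;
      // Deny ACEs carry the trustee SID inline, starting at SidStart
      if (PAceHeader(pAce)^.AceType = ACCESS_DENIED_ACE_TYPE) and
         ((PAccessDeniedAce(pAce)^.Mask and PROCESS_TERMINATE) <> 0) and
         EqualSid(@PAccessDeniedAce(pAce)^.SidStart, EveryoneSid) then
      begin
        Result := True;
        Break;
      end;
    end;
  finally
    if EveryoneSid <> nil then FreeSid(EveryoneSid);
    if pSD <> nil then LocalFree(HLOCAL(pSD)); // pDacl points inside pSD
    CloseHandle(hProcess);
  end;
end;
```

Call it with GetCurrentProcessId right after SetPermissions to confirm the ACE is present; running it from a second process as the same user shows that the DACL stays readable and, with WRITE_DAC, replaceable by that user.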
 
Sinisa Vuk commented:
My vote goes to API hooking too. The main problem is to hook the TerminateProcess API function. This can be done with Madshi's code hook:
http://madshi.net/madCodeHookDescription.htm

...or try google with ITugay's keywords :-)
 
intika (Author) commented:
Thanks guys, it really helped me

@sinisav: sorry dude, I would accept your answer as part of a multiple answer, but I clicked too quickly and, as it's my first use of the site, I did not check that your answer was checked :( really sorry... is there a way to go back?
 
ITugay commented:
I can send my half to sinisav :) A few years ago it was normal, not sure for now.