Prevent process closure in task manager

Hi guys, I am writing a small program to improve performance. It should disconnect the user from the Internet or shut down the computer after a specified number of minutes. The program should not be closable from the task manager. I could compile the program and run it, but I could still close it using the task manager. I got inspiration from this page: Prevent the user process due to "process termination" from Process Explorer

```cpp
#include <cstdlib>
#include <iostream>
#include <Windows.h>
#include <AccCtrl.h>
#include <AclAPI.h>
#include <tchar.h>
#include "shutdown.cpp"
#include "disconnect.cpp"

// Adds a deny ACE for the current user to this process's DACL.
static bool ProtectProcess()
{
    HANDLE hProcess = GetCurrentProcess(); // pseudo-handle: must not be passed to CloseHandle
    EXPLICIT_ACCESS denyAccess = {0};
    DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
    TCHAR trustee[] = _T("CURRENT_USER"); // the API takes a non-const string
    BuildExplicitAccessWithName( &denyAccess, trustee, dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );

    PACL pTempDacl = NULL;
    DWORD dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
    if (dwErr != ERROR_SUCCESS)
        return false;

    dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );
    LocalFree( pTempDacl );
    return dwErr == ERROR_SUCCESS;
}

int main()
{
    using namespace std;
    int abfrage; // menu choice entered by the user
    ProtectProcess();
    for (;;)
    {
        cout << "10.Cut your Internet connection" << endl
             << "11.Cut your Internet connection after 'x' minutes of surfing" << endl
             << "20.Shutdown" << endl;
        cin >> abfrage;
        switch(abfrage)
        {
            case 10: disconnectnow(); break;
            case 11: disconnectlater(); break;
            case 20: shutdown(); break;
            default: cout << "nothing to see here" << endl;
        }
    }
    return EXIT_SUCCESS;
}
```
+3
1 answer

This functionality is deliberately unsupported and actively made unsolvable:

Why can't you catch TerminateProcess?

If the user launches the task manager and clicks the "End task" button on the "Applications" tab, Windows first tries to close your program nicely by sending WM_CLOSE messages to GUI programs and CTRL_CLOSE_EVENT events to console programs. But you cannot intercept TerminateProcess. Why not?

TerminateProcess is a low-level process killing function. It bypasses DLL_PROCESS_DETACH and everything else in the process. Once you kill with TerminateProcess, no more user-mode code will run in this process. It is gone. Do not pass Go. Do not collect 200 dollars.

If you could intercept TerminateProcess, you would escalate the arms race between programs and users. Suppose you could intercept it. Well, then if you wanted to make your program unkillable, you just pass the TerminateProcess handler! And then people would ask for "a way to kill a process that refuses to be killed with TerminateProcess", and we would be back where we started.

In practice, programs that try to avoid detection and task killing try to rename themselves to near-isoforms of Windows system processes. Do not do this. This ensures that your program is presented as malware and kills your authority.

+6
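
The catchable half of what the answer describes, as an added example that is not code from the question or the answer: a console control handler that uses CTRL_CLOSE_EVENT to clean up before the process ends. It is a last chance to save state, not a veto, and TerminateProcess still gives the process no callback at all. The names onConsoleCtrl, saveState, g_stopRequested and g_stateSaved are hypothetical, and the non-Windows stand-in definitions are constructed so the handler logic compiles anywhere.

```cpp
#include <atomic>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#else
// Constructed stand-ins so the handler logic also compiles off Windows;
// the numeric values are the ones wincon.h defines.
typedef unsigned long DWORD;
typedef int BOOL;
#define WINAPI
#define TRUE 1
#define FALSE 0
#define CTRL_C_EVENT 0
#define CTRL_BREAK_EVENT 1
#define CTRL_CLOSE_EVENT 2
#define CTRL_LOGOFF_EVENT 5
#define CTRL_SHUTDOWN_EVENT 6
#endif

static std::atomic<bool> g_stopRequested{false}; // polled by the main loop
static std::atomic<bool> g_stateSaved{false};

// Hypothetical cleanup step: flush whatever must survive the exit.
static void saveState() { g_stateSaved = true; }

// Runs on a system-created thread when the console gets a control event.
BOOL WINAPI onConsoleCtrl(DWORD type) {
    switch (type) {
    case CTRL_CLOSE_EVENT:      // console window closed or "End task"
    case CTRL_LOGOFF_EVENT:
    case CTRL_SHUTDOWN_EVENT:
        saveState();            // last chance: the process ends after we return
        g_stopRequested = true;
        return TRUE;
    case CTRL_C_EVENT:
    case CTRL_BREAK_EVENT:
        g_stopRequested = true; // let main() unwind and exit normally
        return TRUE;
    default:
        return FALSE;           // not handled here: pass to the next handler
    }
}

int main() {
#ifdef _WIN32
    SetConsoleCtrlHandler(onConsoleCtrl, TRUE);
    while (!g_stopRequested) Sleep(200); // stand-in for the menu loop
#endif
    if (!g_stateSaved) saveState();
    std::puts("exiting cleanly");
    return 0;
}
```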

Source: https://habr.com/ru/post/1432879/

