How to protect my process from being killed???

closed account (3hMz8vqX)
Hi everyone,
I am making a small parental controls example.
I have searched a lot about protecting processes and came across functions such as "RtlSetProcessIsCritical" etc. Then I also came across SetKernelObjectSecurity() etc.
Using SetKernelObjectSecurity() I could prevent regular users from killing my process, but when Task Manager is run as admin it will kill the program!

Have you seen AV programs like avast, Kaspersky etc.?
They can't be killed even from taskmgr as admin. How do I get the same effect with WinAPI C++? I'm using Win7, Orwell Dev-C++, TDM-GCC x64.

I know you people have some solution . . .
Can you please shed some light on this ???

Hi,
Could you show what DACL you set with SetKernelObjectSecurity?
Are you sure you didn't leave the PROCESS_TERMINATE right granted to any user?

You can check what the current ACL for your process is via Process Explorer from Windows Internals:
http://technet.microsoft.com/pl-pl/sysinternals/bb896653.aspx
Please search inside 'Security' -> 'privileges' -> 'Special privileges' tab.

AV programs use 2 processes (usually Windows services) which monitor each other. Once one of them is terminated, it relaunches the second process and so on.
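
closed account (3hMz8vqX)
Hi all, this is how I set the ACL:

#include <Windows.h>
#include <Aclapi.h>
#include <sddl.h>   // ConvertStringSecurityDescriptorToSecurityDescriptor, SDDL_REVISION_1

BOOL DenyAccess()
{
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
    if (hProcess == NULL)
        return FALSE;

    SECURITY_ATTRIBUTES sa;
    // Adjacent string literals are concatenated into a single SDDL string.
    const TCHAR * szSD = TEXT("D:P")     // Protected discretionary ACL
        TEXT("(D;OICI;GA;;;BG)")         // Deny access to built-in guests
        TEXT("(D;OICI;GA;;;AN)");        // Deny access to anonymous logon
    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    sa.bInheritHandle = FALSE;
    sa.lpSecurityDescriptor = NULL;

    // Build the security descriptor, then apply its DACL to this process.
    BOOL ok = ConvertStringSecurityDescriptorToSecurityDescriptor(szSD, SDDL_REVISION_1, &(sa.lpSecurityDescriptor), NULL)
           && SetKernelObjectSecurity(hProcess, DACL_SECURITY_INFORMATION, sa.lpSecurityDescriptor);

    // Free the descriptor allocated by the conversion call and close the handle.
    if (sa.lpSecurityDescriptor != NULL)
        LocalFree(sa.lpSecurityDescriptor);
    CloseHandle(hProcess);
    return ok;
}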
Usage:
Topic archived. No new replies allowed.
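
An added example, not code from any poster in this thread: a simplified, portable C++ model (no Windows headers needed) of the ordered DACL walk, applied to the three SDDL fragments from the posted DenyAccess() code joined into one string. The names parseDacl and canOpen and the token SID sets are hypothetical and constructed for illustration; the model assumes that a caller with SeDebugPrivilege enabled is not subject to the process DACL.

```cpp
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <set>
#include <sstream>
#include <string>
#include <vector>

const uint32_t PROCESS_TERMINATE = 0x0001;
const uint32_t PROCESS_ALL_ACCESS = 0x1FFFFF;  // what GA maps to for a process (Vista and later)
struct Ace { bool deny; uint32_t mask; std::string sid; };
// Parse the ACEs of an SDDL DACL: D:flags(type;flags;rights;;;sid)... Rights: "GA" or a hex mask.
std::vector<Ace> parseDacl(const std::string& sddl) {
    std::vector<Ace> aces;
    size_t pos = sddl.find("D:");
    while (pos != std::string::npos && (pos = sddl.find('(', pos)) != std::string::npos) {
        size_t end = sddl.find(')', pos);
        if (end == std::string::npos) break;
        std::istringstream in(sddl.substr(pos + 1, end - pos - 1));
        std::vector<std::string> f;
        for (std::string s; std::getline(in, s, ';');) f.push_back(s);
        if (f.size() == 6 && (f[0] == "A" || f[0] == "D")) {
            uint32_t mask = f[2] == "GA" ? PROCESS_ALL_ACCESS : std::strtoul(f[2].c_str(), nullptr, 16);
            aces.push_back({f[0] == "D", mask, f[5]});
        }
        pos = end;
    }
    return aces;
}

// Ordered walk: a matching deny ACE on a still-needed bit refuses the request, allow ACEs
// satisfy bits, and bits no ACE allows are refused. Assumption: SeDebugPrivilege skips the walk.
bool canOpen(const std::vector<Ace>& dacl, const std::set<std::string>& sids,
             uint32_t desired, bool seDebugEnabled = false) {
    if (seDebugEnabled) return true;
    for (const Ace& a : dacl) {
        if (!sids.count(a.sid)) continue;          // ACE is for a SID the caller does not hold
        if (a.deny && (a.mask & desired)) return false;
        if (!a.deny) desired &= ~a.mask;
        if (desired == 0) return true;
    }
    return false;
}

int main() {  // constructed token SIDs: Everyone (WD) and built-in Users (BU)
    auto posted = parseDacl("D:P(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)");
    std::cout << canOpen(posted, {"WD", "BU"}, PROCESS_TERMINATE)
              << canOpen(posted, {"WD", "BU"}, PROCESS_TERMINATE, true) << '\n';
}
```

Because the DACL contains no allow ACE, the walk grants PROCESS_TERMINATE to nobody, while the privileged caller in the model is unaffected by it.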