How To - Unlist my program from the process list..

Posted 2019-05-31 18:11

Question:

Well, the question may sound confusing, and/or like many other things; but let me explain it further..

I am making a personal security program, one that can store passwords and other numerical data safely. I'm taking somewhat of a "Right in front of your face" approach with it..

I want to make it where only I can end the program, I'm still working this part out; I don't want someone to be able to just get on my computer and end the process..

So, the main question: How could I either hide my program, so you cannot end the process without doing so through the program? Or, just make it where you can't end the process, without hiding it..

I guess one other question would be: Is this even achievable? Or am I just thinking like a mad man? Which I very well could be..

Answer 1:

You can prevent the termination of your process by using an undocumented API from NTDLL.DLL:

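#include <windows.h>

/* Signature of the undocumented ntdll.dll export. */
typedef VOID ( _stdcall *_RtlSetProcessIsCritical ) (BOOLEAN NewValue, PBOOLEAN OldValue, BOOLEAN IsWinlogon);

void MakeProcessCritical() {
    HMODULE hNtDLL;
    _RtlSetProcessIsCritical RtlSetProcessIsCritical;

    /* ntdll.dll is already loaded in the process; resolve the export at run time. */
    hNtDLL = GetModuleHandleA("ntdll.dll");
    if (hNtDLL == NULL)
        return;
    RtlSetProcessIsCritical = (_RtlSetProcessIsCritical)GetProcAddress(hNtDLL, "RtlSetProcessIsCritical");

    /* Mark the current process as critical (NewValue = 1). */
    if (RtlSetProcessIsCritical != NULL)
        RtlSetProcessIsCritical(1, 0, 0);
}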

Attempting to end your process will result in an Access denied message. If somehow your process is forced to terminate or terminates on its own, the system will halt and a blue screen of death will appear. Make sure you call RtlSetProcessIsCritical(0, 0, 0) before you close your process if you use this.

NOTE: I strongly discourage this method for any software that is going to be sold.



Answer 2:

@sehe: Then tell me to use ACLs from the start.. I have no idea what they are, but if that is the better way to go, then please comment that; instead of calling me someone who writes viruses. – James Litewski

@James: If I were about to, I would post answers, not comments. Well, since you asked for it, here is my $0.02:

http://www.windowsecurity.com/articles/controlling-windows-services-service-accounts.html

The second one is the service Access Control List (ACL). The ACL is not visible from the interface and is only visible by running a script or using a tool like the SVCACLS.EXE tool from the Windows Resource Kit. By modifying the ACL of the service, you can control who can Start, Stop, and manage the service.

http://www.vistaheads.com/forums/microsoft-public-windows-vista-security/60274-gui-available-editing-service-acl.html

By the way, these were the top 2 hits for windows service protect ACL
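
To see what the service ACL approach quoted above looks like in practice, here is an added example (not part of the original posts) that reads a service security descriptor in the SDDL form printed by `sc sdshow <service>` and reports which trustees can stop the service or rewrite its configuration, ACL or owner. The function names and the sample descriptor are constructed for illustration.

```python
import re

# SDDL right codes and their bit values on a service object.
BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
        "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
        "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000, "GX": 0x20000000,
        "GW": 0x40000000, "GR": 0x80000000}
# Generic rights expanded to the service-specific rights they stand for.
GENERIC = {0x10000000: 0xF01FF, 0x20000000: 0x20170,
           0x40000000: 0x20002, 0x80000000: 0x2008D}
SERVICE_STOP = 0x20                                # WP
RECONFIGURE = 0x2 | 0x10000 | 0x40000 | 0x80000    # DC, SD, WD, WO

def ace_mask(rights):
    """Turn an ACE rights field (letter codes or hex) into an access mask."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
    else:
        mask = sum(BITS[c] for c in set(re.findall("..", rights)))
    for generic_bit, service_bits in GENERIC.items():
        if mask & generic_bit:
            mask |= service_bits
    return mask

def audit_service_dacl(sddl):
    """Map each trustee to what it may do: 'stop' and/or 'reconfigure'."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if dacl is None:
        raise ValueError("no DACL entries found; review this descriptor by hand")
    allow, deny = {}, {}
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        kind, _flags, rights, _obj, _inh, trustee = ace.split(";")[:6]
        if kind in ("A", "D"):
            table = allow if kind == "A" else deny
            table[trustee] = table.get(trustee, 0) | ace_mask(rights)
    findings = {}
    for trustee, mask in allow.items():
        # Simplification: deny only cancels allow for the same trustee string.
        mask &= ~deny.get(trustee, 0)
        hits = [name for name, bits in (("stop", SERVICE_STOP),
                                        ("reconfigure", RECONFIGURE)) if mask & bits]
        if hits:
            findings[trustee] = hits
    return findings

# Constructed sample descriptor (DACL followed by a SACL, which is ignored).
SAMPLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
          "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
          "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
```

Calling `audit_service_dacl(SAMPLE)` lists SY and BA only; any trustee reported with "reconfigure" can grant itself the stop right again, so it matters as much as a direct WP grant.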