views:

834

answers:

6

Is there any way to protect my Delphi application from being killed by the Windows task manager (or others like Process Explorer)?

I think Windows messages can do that (by doing a hook and intercepting the TerminateProcess message).

I want an example of this protection. The Kaspersky Anti-Virus suites are like this; we can't end their process in Task Manager.

+9  A: 

As Kornel says, there are OS-level protection of processes isolated by users. But generally speaking, there's no way to stop your process from being terminated by a user with permission to do so. And a user has permission to terminate processes running as that user.

Even if you wanted to run it as SYSTEM, you couldn't use this process to interact with the logged on user. You'd need to run it as a service and it would have no GUI. You could try other approaches such as getting a DLL loaded into a process like Explorer.exe that users won't terminate because they don't want to, but that's just abusive.

It would be a very bad situation for end users if developers could just write applications that could not be terminated. If this is an internal application you might check Server Fault to see if there's some way of achieving it with Group Policy.

Josh Einstein
+6  A: 

AV Programs like Kaspersky probably use a driver and use hook to prevent termination. In your situation I would advise to set an ACL on the process, this prevents termination with Task Manager or cmdline tools (if the user does not have the Debug privilege). Of course the user can always use a tool like Process Explorer, take ownership of the process, set new ACL and Terminate.

If the user is not an administrator it would suffice to run the process in a different user context (eg launch it from a service).

Setting a process ACL is very easy with the Jedi Windows Security Library as this sample shows.

Remko
djiga4me
If Remko's is the answer you like, you should mark it as the accepted answer.
Josh Einstein
A: 

Create an NT-service project, service processes can't be killed with Process Manager, but are controlled by the internal service manager.

Stijn Sanders
+6  A: 

This is a very bad idea. If your program is running on someone else's computer, it's on their property, not yours, and needs to behave itself as a guest in their home. That means you don't act as if you own the place, and you certainly don't tell the computer's owner what he can't do with his own property, such as kill a task he doesn't want running. If you do that, then your program is no better than malware, and is likely to be treated like malware.

Mason Wheeler
A: 

hi 3 mounth ago i was in ur place searching all froums hoping find a way to do this trick but no luck!! then i decided to dig into windows processes and apis and finally found a way! now i wrot a program that can not be closed dy any task manager and this program can whatch your app and as soon as it closes my program will open it agane i tested it in winxp and i'm working on it on win7 so if you want your problem to be solved do as i say? send me an email and on that email send your application name(yourapp.exe ) and the address you wish to run your app(d:\mayapp\mayapp.exe) i'll make an espesial version of my program for your app and send it to you [email protected]

mohammad fatemi
Please, tell us the name of your product. I'll make sure that it'll be never installed on my machines.
Alexander
+1  A: 

I think that you're asking a wrong question.

You trying to solve "what if connection will be terminated in the middle of chat with server" problem in the wrong way. The answer is not to "deny process termination", but to "foresee connection problems and write error-fallback code"!

Why? Cause, obviosly, connection termination can be due to network problems (you can't deny your users to unplug machine from network) and not termination of the client!

Why can't you trap TerminateProcess?

And if you're worried about application crashed - just use Application Restart & Recovery API.

Alexander