Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C++ C security VC++
Hi,
 
I am C++/VC++ developer. I have launch one process in windows start up. I want that process should not get killed using task manager or any such application. How should I go for this.
 
If possible,please do not suggest device driver programming.
 
Thanks in advance
Posted 24-Feb-12 2:14am
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 3

I believe a common approach is to use a "watchdog" process that monitors the main process and re-starts it if it is terminated. Then of course the main process must monitor the watchdog.
 
Not bullet proof but annoying enough.
  Permalink  
Comments
Pranit Kothari at 24-Feb-12 10:46am
   
Sounds good! But a small problem, but any power user can run service.msc and stop the service.
Stefan_Lang at 24-Feb-12 11:04am
   
This approach of a watchdog may actually work, if the watchdog runs remotely on a server, rather than locally, on the same PC. Of course that assumes the PCs are connected in a LAN. But if the purpose is to run an antivirus check, then there must be some kind of network. or else there would be little danger for catching a virus in the first place ;-)
bjorn_ht at 24-Feb-12 11:28am
   
Yes, the processes can be killed or die because you have a bug. The point with the watchdog is to make sure it starts again.
 
You can do that for instance by letting each process own a named mutex, then the other process can wait for that mutex and it knows the process died unexpetedly if the wait returns WAIT_ABANDONED.
 
So assuming you have N processes watching each other, then each would at startup
1. Try to obtain ownership of mutex "WATCHDOGMUTEX_n",
- If that fails, exit, watchdog n is already running
2. Call WaitForMultipleObjects on "WATCHHDOGMUTEX_~n" (so all except its own)
3. When that call returns, one of the other processes abandoned the mutex, i.e. died.
 
You are still vulnerable to programs that go after your processes, but so it should be.
bjorn_ht at 24-Feb-12 11:36am
   
I'm not talking about services, just regular processes you spawn with CreateProcess(). I agree that windows services is not the right thing here.
bjorn_ht at 24-Feb-12 11:19am
   
Yeah, this is the approach antivirus - and virus for that matter - often take. Even with the watchdog on the local system, you have fairly good protection against users in the task manager since it takes a while to kill a process there, so the remaining process(es) has ample time to restart the process that was killed before the user gets around to killing the next process.
Pranit Kothari at 25-Feb-12 0:23am
   
5! Exactly what I wanted..
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 5

- Windows has Job Kernel Object which can be used to monitor activities of processes, even it can be used to monitor the process which created it.
- JOB_OBJECT_MSG_EXIT_PROCESS can be used to if the process gets terminated.
- By handling the above message the terminated process can be restarted by calling CreateProcess() or spawn().
  Permalink  
Comments
Pranit Kothari at 27-Feb-12 2:23am
   
Seems resonable!5!
pxdbxq at 27-Feb-12 3:34am
   
I wonder if there is a Windows Message sended when a process is about to be killed rather it has been killed...
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 4

If you are operating at the "USER LEVEL" (your process is running under the user account, respect to the OS) then you cannot do that (and it sounds very suspicions doing that).
 
You application, respect to the user, has exactly the same rights every other application has, and don't include the right to change the OS behavior respect to the computer (that belongs to the user, not to you) or to the user himself (he has the licence to use all the features of the OS he payed for, not you)
 
Of course you can implement some tricks like making another process to control the first and restart it if dead. But the user can himself stop them both.
 
If you own the computers (in the same that they belong to a same organization you and your users also belongs) the clean solution is to operate a process running at system level (in practice a service) running under an administrative account (ideally a specific one) distinct from the user one, that has the grant to start process under user impersonation.
 
In other words, you create in your organization a "user" that has the power to control the user's running process.
  Permalink  
Comments
pxdbxq at 27-Feb-12 3:35am
   
agree......
bjorn_ht at 27-Feb-12 5:29am
   
My knee jerk reaction here was exactly the same - I even think I made a comment alluding to that.
 
Still lots of software do exactly what the OP wants. There are a lot of scenarios where you want your process to start as a regular user process under a desktop user and you want to provide rudimentary protection for your process. Not necessarily protection from the user as such but from malicious software and from user errors.
 
For instance, kill all the processes that have systray icons on your own desktop and I bet you at least one of them starts up again by itself.
Emilio Garavaglia at 27-Feb-12 15:09pm
   
Yes, but those processes are launched by services, not by other user-level processes. If you're a a system extension, it's you hosting the user, but if you are a user process is the user hosting you. He has the full right to shut you down.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Have a look at "services"
 
Max.
  Permalink  
Comments
Pranit Kothari at 24-Feb-12 9:18am
   
I thought of that.. but any power user can run service.msc and stop the service.
Maximilien at 24-Feb-12 9:53am
   
The most important question is why you want to prevent people to kill your process? It does not make sense, you do not want to hijack a computer like that; and I'm certain the users do not want that either.
Pranit Kothari at 24-Feb-12 10:48am
   
I am writing software for a company which runs antivirus program in background and do full scanning on Wednesday. People anyway don't like these type of activity(they should but they don't).. so..
Maximilien at 24-Feb-12 10:59am
   
The antivirus should be run as administrator ("system"?) so, powerusers should not be able to kill the process;I tried at work, where I'm a local administrator, while, I assume, the antivirus runs with the domain administrator permissions and I cannot kill the processes.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

If you make Main Application Parent Window Hidden, then process will not be seen in Task Manager.
  Permalink  
Comments
Pranit Kothari at 24-Feb-12 7:46am
   
I don't want a trick.. i need something I can use in world class application..
bjorn_ht at 24-Feb-12 10:16am
   
No "world class application" even attempts to prevent users from terminating the process.
Chandrakantt at 24-Feb-12 7:55am
   
I don't think so that Microsoft have provided any direct method in user mode for hiding an application from Task Manager. If it does then most of the application will hide itself from the task manager so that users would not be able to kill their application.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web01 | 2.8.141220.1 | Last Updated 27 Feb 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100