Click here to Skip to main content
15,880,796 members
Search within:


My process should not get killed without knowing passord
Please Sign up or sign in to vote.
3.67/5 (3 votes)
Hi,

I am C++/VC++ developer. I have launch one process in windows start up. I want that process should not get killed using task manager or any such application. How should I go for this.

If possible,please do not suggest device driver programming.

Thanks in advance
Posted
Add a Solution

5 solutions

I believe a common approach is to use a "watchdog" process that monitors the main process and re-starts it if it is terminated. Then of course the main process must monitor the watchdog.

Not bullet proof but annoying enough.
 
Share this answer
 
Posted
Comments
[no name] 24-Feb-12 10:46am    
Sounds good! But a small problem, but any power user can run service.msc and stop the service.
Stefan_Lang 24-Feb-12 11:04am    
This approach of a watchdog may actually work, if the watchdog runs remotely on a server, rather than locally, on the same PC. Of course that assumes the PCs are connected in a LAN. But if the purpose is to run an antivirus check, then there must be some kind of network. or else there would be little danger for catching a virus in the first place ;-)
bjorn_ht 24-Feb-12 11:28am    
Yes, the processes can be killed or die because you have a bug. The point with the watchdog is to make sure it starts again.

You can do that for instance by letting each process own a named mutex, then the other process can wait for that mutex and it knows the process died unexpetedly if the wait returns WAIT_ABANDONED.

So assuming you have N processes watching each other, then each would at startup
1. Try to obtain ownership of mutex "WATCHDOGMUTEX_n",
- If that fails, exit, watchdog n is already running
2. Call WaitForMultipleObjects on "WATCHHDOGMUTEX_~n" (so all except its own)
3. When that call returns, one of the other processes abandoned the mutex, i.e. died.

You are still vulnerable to programs that go after your processes, but so it should be.
bjorn_ht 24-Feb-12 11:36am    
I'm not talking about services, just regular processes you spawn with CreateProcess(). I agree that windows services is not the right thing here.
bjorn_ht 24-Feb-12 11:19am    
Yeah, this is the approach antivirus - and virus for that matter - often take. Even with the watchdog on the local system, you have fairly good protection against users in the task manager since it takes a while to kill a process there, so the remaining process(es) has ample time to restart the process that was killed before the user gets around to killing the next process.
- Windows has Job Kernel Object which can be used to monitor activities of processes, even it can be used to monitor the process which created it.
- JOB_OBJECT_MSG_EXIT_PROCESS can be used to if the process gets terminated.
- By handling the above message the terminated process can be restarted by calling CreateProcess() or spawn().
 
Share this answer
 
Posted
Comments
[no name] 27-Feb-12 2:23am    
Seems resonable!5!
pxdbxq 27-Feb-12 3:34am    
I wonder if there is a Windows Message sended when a process is about to be killed rather it has been killed...
If you are operating at the "USER LEVEL" (your process is running under the user account, respect to the OS) then you cannot do that (and it sounds very suspicions doing that).

You application, respect to the user, has exactly the same rights every other application has, and don't include the right to change the OS behavior respect to the computer (that belongs to the user, not to you) or to the user himself (he has the licence to use all the features of the OS he payed for, not you)

Of course you can implement some tricks like making another process to control the first and restart it if dead. But the user can himself stop them both.

If you own the computers (in the same that they belong to a same organization you and your users also belongs) the clean solution is to operate a process running at system level (in practice a service) running under an administrative account (ideally a specific one) distinct from the user one, that has the grant to start process under user impersonation.

In other words, you create in your organization a "user" that has the power to control the user's running process.
 
Share this answer
 
Posted
Comments
pxdbxq 27-Feb-12 3:35am    
agree......
bjorn_ht 27-Feb-12 5:29am    
My knee jerk reaction here was exactly the same - I even think I made a comment alluding to that.

Still lots of software do exactly what the OP wants. There are a lot of scenarios where you want your process to start as a regular user process under a desktop user and you want to provide rudimentary protection for your process. Not necessarily protection from the user as such but from malicious software and from user errors.

For instance, kill all the processes that have systray icons on your own desktop and I bet you at least one of them starts up again by itself.
Emilio Garavaglia 27-Feb-12 15:09pm    
Yes, but those processes are launched by services, not by other user-level processes. If you're a a system extension, it's you hosting the user, but if you are a user process is the user hosting you. He has the full right to shut you down.
Have a look at "services"

Max.
 
Share this answer
 
Posted
Comments
[no name] 24-Feb-12 9:18am    
I thought of that.. but any power user can run service.msc and stop the service.
Maximilien 24-Feb-12 9:53am    
The most important question is why you want to prevent people to kill your process? It does not make sense, you do not want to hijack a computer like that; and I'm certain the users do not want that either.
[no name] 24-Feb-12 10:48am    
I am writing software for a company which runs antivirus program in background and do full scanning on Wednesday. People anyway don't like these type of activity(they should but they don't).. so..
Maximilien 24-Feb-12 10:59am    
The antivirus should be run as administrator ("system"?) so, powerusers should not be able to kill the process;I tried at work, where I'm a local administrator, while, I assume, the antivirus runs with the domain administrator permissions and I cannot kill the processes.
If you make Main Application Parent Window Hidden, then process will not be seen in Task Manager.
 
Share this answer
 
Posted
Comments
[no name] 24-Feb-12 7:46am    
I don't want a trick.. i need something I can use in world class application..
bjorn_ht 24-Feb-12 10:16am    
No "world class application" even attempts to prevent users from terminating the process.
Chandrakantt 24-Feb-12 7:55am    
I don't think so that Microsoft have provided any direct method in user mode for hiding an application from Task Manager. If it does then most of the application will hide itself from the task manager so that users would not be able to kill their application.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 27 Feb 2012
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900