如何防止任务管理器杀死我的程序?

发布于 2024-08-16 15:01:57 字数 190 浏览 4 评论 0原文

有什么方法可以保护我的 Delphi 应用程序不被 Windows 任务管理器(或其他类似 Process Explorer)杀死?

我认为 Windows 消息可以做到这一点(通过执行挂钩并拦截 TerminateProcess 消息)。

我想要一个这种保护的例子。卡巴斯基反病毒套件是这样的;我们无法在任务管理器中结束他们的进程。

Is there any way to protect my Delphi application from being killed by the Windows task manager (or others like Process Explorer)?

I think Windows messages can do that (by doing a hook and intercepting the TerminateProcess message).

I want an example of this protection. The Kaspersky Anti-Virus suites are like this; we can't end their process in Task Manager.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

差↓一点笑了 2024-08-23 15:01:57

正如 Kornel 所说,对用户隔离的进程有操作系统级别的保护。但一般来说,没有办法阻止您的进程被有权执行此操作的用户终止。用户有权终止以该用户身份运行的进程。

即使您想以 SYSTEM 身份运行它,您也无法使用此进程与登录用户进行交互。您需要将其作为服务运行,并且它没有 GUI。您可以尝试其他方法,例如将 DLL 加载到像 Explorer.exe 这样的进程中,用户不会终止该进程,因为他们不想这样做,但这只是滥用行为。

如果开发人员只能编写无法终止的应用程序,那么对于最终用户来说,这将是一个非常糟糕的情况。如果这是一个内部应用程序,您可以检查服务器故障以查看是否有某种方法可以通过组策略实现它。

As Kornel says, there are OS-level protection of processes isolated by users. But generally speaking, there's no way to stop your process from being terminated by a user with permission to do so. And a user has permission to terminate processes running as that user.

Even if you wanted to run it as SYSTEM, you couldn't use this process to interact with the logged on user. You'd need to run it as a service and it would have no GUI. You could try other approaches such as getting a DLL loaded into a process like Explorer.exe that users won't terminate because they don't want to, but that's just abusive.

It would be a very bad situation for end users if developers could just write applications that could not be terminated. If this is an internal application you might check Server Fault to see if there's some way of achieving it with Group Policy.

烟柳画桥 2024-08-23 15:01:57

像卡巴斯基这样的反病毒程序可能使用驱动程序并使用钩子来防止终止。
在您的情况下,我建议在进程上设置 ACL,这可以防止任务管理器或命令行工具终止(如果用户没有调试权限)。当然,用户始终可以使用 Process Explorer 等工具,获得进程的所有权,设置新的 ACL 并终止。

如果用户不是管理员,那么在不同的用户上下文中运行该进程就足够了(例如从服务启动它)。

使用 Jedi Windows 安全库如下 示例 显示。

AV Programs like Kaspersky probably use a driver and use hook to prevent termination.
In your situation I would advise to set an ACL on the process, this prevents termination with Task Manager or cmdline tools (if the user does not have the Debug privilege). Of course the user can always use a tool like Process Explorer, take ownership of the process, set new ACL and Terminate.

If the user is not an administrator it would suffice to run the process in a different user context (eg launch it from a service).

Setting a process ACL is very easy with the Jedi Windows Security Library as this sample shows.

幼儿园老大 2024-08-23 15:01:57

这是一个非常糟糕的主意。如果您的程序在其他人的计算机上运行,​​那么它是在他们的财产上,而不是您的财产上,并且需要表现得像他们家里的客人一样。这意味着您不会表现得好像您拥有该位置,并且您当然不会告诉计算机的所有者他不能用自己的财产做什么,例如终止他不想运行的任务。如果您这样做,那么您的程序并不比恶意软件好,并且很可能被视为恶意软件。

This is a very bad idea. If your program is running on someone else's computer, it's on their property, not yours, and needs to behave itself as a guest in their home. That means you don't act as if you own the place, and you certainly don't tell the computer's owner what he can't do with his own property, such as kill a task he doesn't want running. If you do that, then your program is no better than malware, and is likely to be treated like malware.

酸甜透明夹心 2024-08-23 15:01:57

我认为你问了一个错误的问题。

您试图以错误的方式解决“如果连接在与服务器聊天过程中终止怎么办”问题。答案是不是“拒绝进程终止”,而是“预见连接问题并编写错误后备代码”!

为什么?显然,连接终止可能是由于网络问题(您不能拒绝用户从网络上拔下计算机)而不是客户端终止!

不能捕获 TerminateProcess?

为什么 担心应用程序崩溃 - 只需使用 应用程序重新启动并恢复API

I think that you're asking a wrong question.

You trying to solve "what if connection will be terminated in the middle of chat with server" problem in the wrong way. The answer is not to "deny process termination", but to "foresee connection problems and write error-fallback code"!

Why? Cause, obviosly, connection termination can be due to network problems (you can't deny your users to unplug machine from network) and not termination of the client!

Why can't you trap TerminateProcess?

And if you're worried about application crashed - just use Application Restart & Recovery API.

梦里南柯 2024-08-23 15:01:57

最简单的方法:您可以启动2个进程并让它们互相“查看”。
如果其中一个进程已关闭,请让另一个进程重新启动它。它将防止新手(正如你所说)杀死该进程。

抱歉,但我认为您的“服务器/客户端应用程序”具有木马/后门能力。 “客户端应用程序发送一些有用的数据”,“不可杀死的进程”(在您的评论中)对我来说似乎太可疑了。

The most simple way: you could just start 2 processes and let them "look" on each other.
If one of them was closed, let the other proceess restart it. It will prevent newbies (as you said) from killing that process.

Sorry, but I think that your "Server/Client application" has trojan/backdoor abilities. "Client app send some useful data" , "unkillable process" (in your comments) seem tooooo suspicous for me.

软糖 2024-08-23 15:01:57

创建一个NT-service项目,服务进程不能用Process Manager杀死,而是由内部服务管理器控制。

Create an NT-service project, service processes can't be killed with Process Manager, but are controlled by the internal service manager.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文