如何让windows服务难以停止? [英] How to make a windows service hard to stop?
问题描述
我致力于为儿童开发 Windows 生产力和监控工具.我尝试创建一个 C# windows 服务,尽可能难以让用户停止.如果用户不是管理员,这很容易 - 服务无法停止.问题是当用户具有管理员权限时.不幸的是,这种情况经常发生,因为孩子们拥有管理员权限,因此他们可以自己安装应用和游戏.
I work on a windows productivity and monitoring tool for children. I try to create a C# windows service as hard to stop by user as possible. If the user is not an admin it is easy - the service can not be stopped. The problem is when the user has admin rights. Unfortunately thats often the case because kids have admin rights so that they can install apps and games by themselves.
目前我的服务在本地系统下运行并在启动后自动启动.理想情况下,该服务应该仅通过软件卸载、重新安装或 Windows 关闭或重新启动等来停止.
Currently my service runs under Local System and starts automatically after boot up. Ideally the service is supposed to be stopped only by software uninstallation, reinstallation or windows shutdown or restart etc.
现在我使用某种黑客/解决方法.我创建了两个服务,它们会定期(每 1-2 秒)相互检查其他服务是否仍在运行,如果不是,则重新启动它.这是一个丑陋的解决方案,绝对不是万无一失的.如果您足够快,可以停止这些服务,这可能会在卸载或重新启动计算机期间导致问题.这就是为什么我正在寻找更好的解决方案.
Right now I use sort of hack/workaround. I created two services which periodically (every 1-2 seconds) check each other whether the other service is still running and restarts it in case it is not. This is an ugly solution and definitely not foolproof. The services can be stopped if you are fast enough and it might cause problems during uninstallation or computer restart. Thats why I am looking for a better solution.
最好的情况我希望行为类似于即使管理员也无法停止的防病毒软件服务.我知道这是不可能的.我意识到他们可能有一些来自 微软行业协作计划.但我不想走到这一步.我认为这有点矫枉过正.我不从事防病毒应用程序.
The best case scenario I would like behaviour similar to the antivirus software service which can not be stopped even by admin. I know this is not possible. I realize that they probably have some special API permissions from microsoft industry collaboration program. But I do not want to go this far. I think it would be a little bit overkill. I dont work on antivirus application.
我知道管理员用户总是能够找到停止进程或服务的方法.我只是想实现一些至少可以在大多数常见的儿童"攻击中幸存下来的东西.或者至少,终止服务会带来很多痛苦或工作,以便用户最终放弃.
I know that the admin user is always able to find a way to stop the process or service. I just want to achieve something that would at least survive most of the common "child" attacks. Or at least that it would be a lot of pain or work to kill the service so that the user would give up eventually.
如何让服务难以停止?
非常感谢您的建议.
推荐答案
不参与讨论这个...
程序可以尝试使自己更难被杀死(拒绝 PROCESS_TERMINATE 访问,拒绝 PROCESS_CREATE_THREAD 访问因此人们无法 CreateRemoteThread(EndProcess),拒绝 PROCESS_VM_WRITE 以便人们无法乱写到您的堆栈并使您双重错误,拒绝 PROCESS_SUSPEND_RESUME 等他们无法暂停您),但最终您无法阻止他们,例如,提升到调试权限,调试您的进程,并将 EIP 移至ExitProcess".
Programs can try to make themselves more difficult to kill (deny PROCESS_TERMINATE access, deny PROCESS_CREATE_THREAD access so people can't CreateRemoteThread(EndProcess), deny PROCESS_VM_WRITE so people can't scribble into your stack and make you doublefault, deny PROCESS_SUSPEND_RESUME so they can't suspend you), but eventually you just can't stop them from, say, elevating to Debug privilege, debugging your process, and moving EIP to "ExitProcess".
最终一切都可以杀死.
您可能想阅读以下内容:
You probably want to have a read of:
http://csharptest.net/1043/how-to-prevent-users-from-killing-your-service-process/
和
https://blogs.msdn.microsoft.com/oldnewthing/20040216-00/?p=40603/
这篇关于如何让windows服务难以停止?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
