Prevent process from being closed in task manager

Problem description

Hi guys, I am programming a little program for becoming more productive. It should disconnect the user from the Internet or shut your computer down after a preset number of minutes. The program shouldn't be closed with task manager. I could compile the program and it ran, but I could close it with task manager. I got my inspiration from this page: Prevent user process from being killed with "End Process" from Process Explorer

#include <iostream>
#include <Windows.h>

#include <AccCtrl.h>
#include <AclAPI.h>
#include <tchar.h>

#include "shutdown.cpp"
#include "disconnect.cpp"



// Adds a deny ACE for the current user to this process's DACL.
// Returns true only if building the ACL and applying it both succeed.
static bool ProtectProcess()
{
    // GetCurrentProcess() returns a pseudo-handle, which does not need to be closed.
    HANDLE hProcess = GetCurrentProcess();
    EXPLICIT_ACCESS denyAccess = {0};
    DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
    BuildExplicitAccessWithName( &denyAccess, _T("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );
    PACL pTempDacl = NULL;
    DWORD dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
    if (dwErr != ERROR_SUCCESS)
        return false;   // no ACL was allocated, nothing to free
    dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );
    LocalFree( pTempDacl );
    return dwErr == ERROR_SUCCESS;
}


int main() 
{
    using namespace std;
    int abfrage;

    ProtectProcess();

    for (;;)
    {
        cout << "10.Cut your Internet connection" << endl
             << "11.Cut your Internet connection after 'x' minutes of surfing" << endl
             << "20.Shutdown"                   << endl;
        cin >> abfrage;

        switch(abfrage)
        {
            case 10: disconnectnow(); break;
            case 11: disconnectlater(); break;
            case 20: shutdown(); break;

            default: cout << "nothing to see here" << endl;
        }
    }
    return EXIT_SUCCESS;
}


Recommended answer

This functionality is deliberately unsupported and actively made intractable:


Why can't you trap TerminateProcess?

If a user fires up Task Manager and clicks the End Task button on the Applications tab, Windows first tries to shut down your program nicely, by sending WM_CLOSE messages to GUI programs and CTRL_CLOSE_EVENT events to console programs. But you don't get a chance to intercept TerminateProcess. Why not?

TerminateProcess is the low-level process-killing function. It bypasses DLL_PROCESS_DETACH and anything else in the process. When you kill with TerminateProcess, no more user-mode code will run in that process. It's gone. Do not pass go. Do not collect $200.

If you could intercept TerminateProcess, you would be escalating the arms race between programs and users. Suppose you could intercept it. Well, then if you wanted to make your program unkillable, you would just hand in your TerminateProcess handler! And then people would ask for "a way to kill a process that is refusing to be killed with TerminateProcess," and we'd be back to where we started.

In practice, programs attempting to evade detection and task kill try to rename themselves to near isoforms of the Windows system processes. Don't do this. It guarantees your program will be submitted as malware and will kill your credibility dead.
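
From the defender's side, a deny ACE like the one the question's `ProtectProcess` adds is visible in the process's security descriptor. The following added example (not code from the question or the answer) scans an SDDL string, such as one produced by `ConvertSecurityDescriptorToStringSecurityDescriptor`, for deny ACEs that cover `PROCESS_TERMINATE`; the sample SDDL strings, SIDs, mask values and function names are constructed for illustration.

```python
import re

PROCESS_TERMINATE = 0x0001  # right TerminateProcess needs on the target process handle
GENERIC_ALL = 0x10000000    # generic right that maps to every process-specific right

# SDDL two-letter codes -> mask bits (generic, standard and low specific rights only).
SDDL_RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "CC": 0x0001, "DC": 0x0002, "LC": 0x0004, "SW": 0x0008, "RP": 0x0010,
    "WP": 0x0020, "DT": 0x0040, "LO": 0x0080, "CR": 0x0100,
}

# Constructed samples (placeholder SIDs): a default-looking DACL, and one with a deny ACE.
DEFAULT_SDDL = ("O:S-1-5-21-1-2-3-1001G:S-1-5-21-1-2-3-513"
                "D:(A;;0x1fffff;;;S-1-5-21-1-2-3-1001)(A;;0x1fffff;;;SY)")
DENY_SDDL = ("O:S-1-5-21-1-2-3-1001G:S-1-5-21-1-2-3-513"
             "D:(D;;0x1fffff;;;S-1-5-21-1-2-3-1001)(D;IO;CC;;;WD)S:(ML;;NW;;;ME)")


def _pairs(field):
    """Split a field of concatenated two-letter SDDL codes into a list."""
    return [field[i:i + 2] for i in range(0, len(field), 2)]


def rights_to_mask(rights):
    """Convert an SDDL rights field (hex literal or concatenated codes) to an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in _pairs(rights):
        mask |= SDDL_RIGHTS[code]  # KeyError for codes outside the table above
    return mask


def deny_terminate_aces(sddl):
    """Return [(sid, mask)] for deny ACEs on the object itself that block termination."""
    dacl = re.search(r"D:[A-Z_]*((?:\([^)]*\))+)", sddl)
    hits = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        ace_type, flags, rights, _obj, _inherit_obj, sid = ace.split(";")[:6]
        mask = rights_to_mask(rights)
        # Inherit-only (IO) ACEs do not apply to the object that carries them.
        if (ace_type == "D" and "IO" not in _pairs(flags)
                and mask & (PROCESS_TERMINATE | GENERIC_ALL)):
            hits.append((sid, mask))
    return hits
```

A non-empty result for a user-mode application process is worth a closer look, since a default process DACL contains only allow ACEs.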
