Prevent user process from being killed with "End Process" from Process Explorer

c++ windows process

Solution 1:

The code given in the question is misleading. It constructs a DACL with no allow entries and one deny entry; that might make sense if you were applying the DACL to a file with inheritance enabled, but in this case the deny entry is redundant. In the Windows access control model, if a DACL exists but contains no matching ACE, access is implicitly denied.

Here's my version, which applies an empty DACL, denying all access. (Note that it returns an error code rather than a boolean.)

DWORD ProtectProcess(void)
{
    HANDLE hProcess = GetCurrentProcess();
    PACL pEmptyDacl;
    DWORD dwErr;

    // using malloc guarantees proper alignment
    pEmptyDacl = (PACL)malloc(sizeof(ACL));

    if (!InitializeAcl(pEmptyDacl, sizeof(ACL), ACL_REVISION))
    {
        dwErr = GetLastError();
    }
    else
    {
        dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, 
                   DACL_SECURITY_INFORMATION, NULL, NULL, pEmptyDacl, NULL);
    }

    free(pEmptyDacl);
    return dwErr;
}

Solution 2:

When running my copy of that has Deny set on the Terminate permission (Process Explorer shows this).

Presumably they call SetKernelObjectSecurity to change/remove the ACLs when their process loads.

Related

Set cursor to specific position in CKEditor
Create programmatically a variable product and two new attributes in WooCommerce
How do I capture the mouse move event
Simulate keystroke in Linux with Python
Microsecond resolution timestamps on Windows
Why is method overloading and overriding needed in java? [duplicate]
How to transpose mysql table rows into columns
Dynamically generate columns for crosstab in PostgreSQL
How to detect two different colors using `cv2.inRange` in Python-OpenCV?
iPhone: How to Pass Data Between Several Viewcontrollers in a Tabbar App
Typescript, merge object types?
Differences between Excel's Form Controls & ActiveX Controls