
process self defence like antivirus

Developer https://www.devze.com 2023-02-02 03:26 Source: web

I write a program for a defence system (antivirus, anti-malware, etc.), and I have a problem with defending the process from being killed through Task Manager -> Kill Process. I tested some antiviruses and they don't let me kill their process; I can only stop them in Services. How can I create this defence for my program? Thanks!


Stopping a process is done with a call to TerminateProcess (Win32 API). By default, it is not possible to kill a process that is running under a security context different from the one of the process that issued the call to TerminateProcess.

A user-mode service can be configured (via the Service Control Manager) so that it is restarted if someone kills the service. However, if you don't want the service to be stopped from the Service Control Manager interface or via the "net stop" command, you can set the dwControlsAccepted field of the SERVICE_STATUS structure appropriately when creating the service.

Also keep in mind that it is possible to end any process, even if it is a service or a system process, by first enabling the debug privilege. This privilege is assigned to Administrators and is disabled in the access token. While Task Manager does not make use of the debug privilege, the KILL utility (provided with the Windows Resource Kit) does.
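The two Service Control Manager settings this answer mentions (restart-on-failure and the controls a service advertises in dwControlsAccepted) can be applied and inspected from an elevated PowerShell prompt. The following is an added example, not code from the original post; the service name `MyDefenderSvc` is a placeholder for your own service.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# 'MyDefenderSvc' is a placeholder; substitute your own service name.
$svc = 'MyDefenderSvc'

# 1. Recovery (failure) actions: restart the service 5 s after each of the
#    first three failures; reset the failure counter after one day (86400 s).
#    sc.exe requires the space after 'reset=' and 'actions='.
sc.exe failure $svc reset= 86400 actions= restart/5000/restart/5000/restart/5000

# 2. By default SCM only counts a failure when the process dies without
#    reporting SERVICE_STOPPED. failureflag 1 additionally treats a non-zero
#    dwWin32ExitCode reported through SERVICE_STATUS as a failure.
sc.exe failureflag $svc 1

# 3. Show the recovery configuration that was stored.
sc.exe qfailure $svc

# 4. Which control codes does the service accept? The STATE line of 'sc query'
#    reflects the service's dwControlsAccepted, for example
#    "(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)". A service that leaves
#    SERVICE_ACCEPT_STOP out of dwControlsAccepted shows NOT_STOPPABLE, and
#    'net stop' / 'sc stop' fail with error 1052 (ERROR_INVALID_SERVICE_CONTROL).
sc.exe query $svc

# PowerShell view of the same flags: CanStop corresponds to SERVICE_ACCEPT_STOP,
# CanShutdown to SERVICE_ACCEPT_SHUTDOWN, CanPauseAndContinue to
# SERVICE_ACCEPT_PAUSE_CONTINUE.
Get-Service -Name $svc |
    Select-Object Name, Status, StartType, CanStop, CanShutdown, CanPauseAndContinue
```

The recovery actions only bring the service back after its process has died; they do not prevent the termination itself. Omitting SERVICE_ACCEPT_STOP stops the SCM from delivering a stop control, but, as the answer notes, an administrator who enables the debug privilege can still terminate the process directly, so both settings are best read as resilience measures rather than hard protection.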


What you observe is common for service applications, i.e. you need to have a service for this.

Antivirus software usually employs several kernel-mode drivers (network filters, file system filters, etc.), which have the additional function of checking whether the user-mode process is available, and if not, they restart it (they also control the execution state of the service).

Also, a service can monitor the presence of the UI process and restart it, and the UI process in turn can check the state of the service. It's quite tricky (though possible) to stop both processes in parallel, so this scheme can also work.

I guess you will come to the same architecture.

But in general, rootkits bypass all those tricks, and rootkits are what poses the most significant threat to modern computers.
