-5

I have written a Windows service that does a critical job. My program has 5 threads that do a critical job and I don't want them to be terminated.

I use process hacker , in threads tab I can terminate any of the 5 thread without causing the whole program to get terminated (because programs are just container) and the critical job is not done when user or a hacker (my program is a security program and users may want to make it not work) terminates one the threads (i resume the thread if they get suspended but have no strategy preventing or fixing termination of thread)

How can I protect those 5 threads from termination?
(I've made the program itself critical but is does have no value when thread can be easily terminated)

emaditaj
  • 177
  • 9
  • If a user has permission to kill threads then, not surprisingly, they can kill threads and there's very little you can do to prevent this. Why not create a proper Windows service that will auto-restart if killed? – tadman Dec 18 '17 at 21:48
  • If the attacker can terminate your threads then they can just stop the service. – David Heffernan Dec 18 '17 at 21:48
  • 3
    Like Eric Lippert said: https://stackoverflow.com/questions/16968581/how-to-prevent-an-app-from-being-killed-in-task-manager#comment24507766_16968581 – Thomas Weller Dec 18 '17 at 21:51
  • 6
    Rather than giving your users security permissions to do things that you don't want them to do, and then writing a program running with equal permissions to try to stop them, you should *not actually give the user permissions to do things you don't want them to be able to do*. The security system is there for a reason, use it. – Servy Dec 18 '17 at 21:52
  • 2
    I will not kill the thread. I will first suspend it, then freeze it. Your critical job will not be done. – Thomas Weller Dec 18 '17 at 21:53
  • tadman my service auto starts if terminated (even it has critical flag do termiating will result in bsod ) but problem is killing some of the threads does not terminate the whole process so i doesn't get terminated and restarted – emaditaj Dec 18 '17 at 21:57
  • Servy : it's the question – emaditaj Dec 18 '17 at 21:59
  • Servy :how can i deny the user from being able to terminate one threads of my process – emaditaj Dec 18 '17 at 22:00
  • 2
    @emaditaj It's an impossible problem. Impossible by definition. No matter what you try to do, it will always be defeatable. You need to use a suitable solution to your problem, one that actually is capable of solving it, and that's to not actually give users security permissions to do things you don't want them to be able to do. – Servy Dec 18 '17 at 22:01
  • 4
    You've really got this backwards. Privileged users can do privileged acts. Don't worry about that. Let the security system do its job. – David Heffernan Dec 18 '17 at 22:02
  • 2
    I'm voting to close this question as off-topic because trying to fight the system instead of applying its security infrastructure is not a practical software engineering problem. Nor a practical programming problem. – IInspectable Dec 18 '17 at 22:30
  • This is not a reasonable requirement:( – Martin James Dec 19 '17 at 00:00
  • found a solution and added as a answer i thank all of you for spending your time for helping me – emaditaj Dec 19 '17 at 03:29
  • Thomas Weller : i have a watch dog process that resumes every 1sec – emaditaj Dec 20 '17 at 06:43
  • can i ask why this question is getting down votes ?? you guys think this is not a problem ? – emaditaj Dec 20 '17 at 06:44

1 Answers1

-1

I found a solution to my problem.

First let me explain how I achieved this:

I made 2 watchdog threads that the first one recreates the 5 threads and WatchDogThread2 when terminated and the second one does the same to watchdog 1 (this took me to long because of Thread.IsAlive was always returning true even when the thread was terminated finally used Thread.Join() and join was working).

When one of the watchdog threads are running after a termination, it is recreating the lost one. But after 10-30 seconds and exception was thrown in a part that had no relation to watchdogs.

I retried it for many times and did some debugging.
After 30-50 tries and edit I saw that this exception is thrown in random parts of code not only the particular part.

So I started researching about the exception

ExecutionEngineException

I found out that CRL throws this when something in the code has gone wrong. First, I thought that this issue is coused by one of the watchdogs so I changed them a few times but the error was still there (just the time until it was thrown changed a little bit).
So I removed them completely and started the program and terminated one the 5 thread.
This time nothing happened

I did this for a few more times with some edits and saw this exception happens when not using watchdogs, too. The exception came after 2-3 min instead of 10-30 seconds with the watchdogs.

I researched again and Microsoft wrote on MSDN that this was happening sometimes if a Garbage Collection was done. I disabled the Garbage Collation and recieved no longer the exception.

I wrote another thread that forced Garbage to collate every 0.5 second and saw after a thread is terminated the program received ExecutionEngineException and crashed.

This was the solution for garbage collation so the entire process crashes and restarts / BSOD happens.

Final Solution

If a thread is terminated and garbage collection triggers, then CRL throws ExecutionEngineException.
Just do a manual garbage collation every 0.5 sec so the program will crash and restart.

Code:

Thread t1 = new Thread(delegate () {  
    while (true) { 
        System.GC.Collect(); 
        Thread.Sleep(500); 
    } 
}); 

t1.Start();

You can start two of those threads for more security (if the user terminates t1, garbage collection will be triggered after 0-10 mins and in this time he will do whatever you want).

Community
  • 1
  • 1
emaditaj
  • 177
  • 9
  • 500 ms is **loads** of time for an attacker to terminate your watchdog thread, before it even gets a chance to start its sentinel. In particular, since you rely (unduly, at that, too) on exceptions. Any debugger can be set up to break, when an exception is raised. This is not a solution. As an aside, I don't know what a *"CRL"* is. – IInspectable Dec 19 '17 at 18:43
  • crl=Common Language Runtime .net code is translated to crl at first ExecutionEngineException is uncatchable (atleast with visual stdio debugger and try{}catch(Exception e){} that ii've tried 500ms may be enough for and auto written tool for spectioally terminating my software but i''m not considering prenvet that i wated to prevent manuall attams with tools like process hacker an attacker that writes a tool for this can bypas any protection i consider that's not my aim – emaditaj Dec 23 '17 at 01:45
  • 1
    The Common Language Runtime is abbreviated as CLR, not CRL. I'd comment on the rest of your comment, but am unable to understand any of it, due to complete lack of punctuation. – IInspectable Dec 24 '17 at 22:26