4

I am developing a little program for becoming more productive. It should disconnect the user from the Internet or shut your computer down after a preset number of minutes. The program shouldn't be closed with Task Manager. I could compile the program and it ran, but I could close it with Task Manager. I got my inspiration from this page:

#include <iostream>
#include <Windows.h>

#include <AccCtrl.h>
#include <AclAPI.h>
#include <tchar.h>

#include "shutdown.cpp"
#include "disconnect.cpp"



static bool ProtectProcess()
{
    // GetCurrentProcess() returns a pseudo-handle, so it must not be closed.
    HANDLE hProcess = GetCurrentProcess();
    EXPLICIT_ACCESS denyAccess = {0};
    DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
    // Build a deny entry for the current user covering the rights above.
    BuildExplicitAccessWithName( &denyAccess, _T("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );
    PACL pTempDacl = NULL;
    DWORD dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
    if (dwErr != ERROR_SUCCESS)
        return false;
    // Replace the DACL of this process with the deny-only ACL.
    dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );
    LocalFree( pTempDacl );
    return dwErr == ERROR_SUCCESS;
}


int main() 
{
    using namespace std;
    int abfrage;

    ProtectProcess();

    for (;;)
    {
        cout << "10.Cut your Internet connection" << endl
             << "11.Cut your Internet connection after 'x' minutes of surfing" << endl
             << "20.Shutdown"                   << endl;
        cin >> abfrage;
    
        switch(abfrage)
        {
            case 10: disconnectnow(); break;
            case 11: disconnectlater(); break;
            case 20: shutdown(); break;

            default: cout << "nothing to see here" << endl;
        }
    }
    return EXIT_SUCCESS;
}
peterh
AaronP
  • An administrator will *always* be able to kill your program, won't they? And wouldn't stopping the internet connection make you *less* productive? – Carl Norum Mar 17 '12 at 22:38
  • Hiding programs from the task manager or preventing them from being closed is something Windows works hard to prevent for obvious reasons. – ChrisF Mar 17 '12 at 22:39
  • @Carl Norum I often have to read pdfs for studying, but Internet keeps me off. It works neither with administrator nor user rights. – AaronP Mar 17 '12 at 22:50
  • @ChrisF well, on the given link you can see that someone has successfully done that. – AaronP Mar 17 '12 at 22:52
  • What you link to is not quite the same situation as you are describing. – ChrisF Mar 17 '12 at 22:59
  • There are browser plugins out there that help you prevent wasting time on the internet (unless you still use gopher, telnet, or usenet). – Emile Cormier Mar 17 '12 at 23:00
  • I did it now by catching the close signal, which will cause the PC to shut down. And yes @EmileCormier, actually I use usenet, because it often still offers better quality than www. – AaronP Mar 19 '12 at 14:09

1 Answer

9

This functionality is, deliberately, unsupported and actively made intractable:

Why can't you trap TerminateProcess?

If a user fires up Task Manager and clicks the End Task button on the Applications tab, Windows first tries to shut down your program nicely, by sending WM_CLOSE messages to GUI programs and CTRL_CLOSE_EVENT events to console programs. But you don't get a chance to intercept TerminateProcess. Why not?

TerminateProcess is the low-level process-killing function. It bypasses DLL_PROCESS_DETACH and anything else in the process. When you kill with TerminateProcess, no more user-mode code will run in that process. It's gone. Do not pass go. Do not collect $200.

If you could intercept TerminateProcess, you would be escalating the arms race between programs and users. Suppose you could intercept it. Well, then if you wanted to make your program unkillable, you would just hand in your TerminateProcess handler! And then people would ask for "a way to kill a process that is refusing to be killed with TerminateProcess," and we'd be back to where we started.

In practice, programs attempting to evade detection and task kill try to rename themselves to near isoforms of the Windows system processes. Don't do this. It guarantees your program will be submitted as malware and will kill your credibility dead.

Community
MrGomez
  • This reminds me of a question where someone asked how to always be the top most window when there was already a window that was set up to always be the top most window. – The Muffin Man Jan 09 '19 at 23:48
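The answer's last paragraph notes that programs trying to evade detection take names that closely resemble Windows system processes. The sketch below is an added example, not code from the question or the answer: it flags image names within a small edit distance of a system process name. The reference list, the threshold of 2 and the function name `lookalikeOf` are assumptions of this example, and the process names in `main` are constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Short reference list for the example (assumption: extend it for real use).
static const std::vector<std::string> kSystemNames = {
    "svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe", "winlogon.exe", "services.exe"};

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Levenshtein edit distance using two rows of the dynamic-programming table.
static size_t editDistance(const std::string& a, const std::string& b) {
    std::vector<size_t> prev(b.size() + 1), cur(b.size() + 1);
    for (size_t j = 0; j <= b.size(); ++j) prev[j] = j;
    for (size_t i = 1; i <= a.size(); ++i) {
        cur[0] = i;
        for (size_t j = 1; j <= b.size(); ++j) {
            size_t subst = prev[j - 1] + (a[i - 1] != b[j - 1] ? 1 : 0);
            cur[j] = std::min({prev[j] + 1, cur[j - 1] + 1, subst});
        }
        std::swap(prev, cur);
    }
    return prev[b.size()];
}

// Returns the system name that `image` imitates, or "" when the name is an
// exact (case-insensitive) match or is not close to any reference entry.
std::string lookalikeOf(const std::string& image, size_t maxDistance = 2) {
    const std::string name = lower(image);
    std::string best;
    size_t bestDist = maxDistance + 1;
    for (const auto& sys : kSystemNames) {
        size_t d = editDistance(name, sys);
        if (d == 0) return "";  // the genuine name itself is not a lookalike
        if (d < bestDist) { bestDist = d; best = sys; }
    }
    return best;
}

int main() {
    // Constructed sample process names, not taken from a real host.
    for (const char* p : {"svchost.exe", "svch0st.exe", "lsasss.exe", "notepad.exe"}) {
        std::string hit = lookalikeOf(p);
        if (!hit.empty()) std::cout << p << " imitates " << hit << "\n";
    }
}
```

A hit is a triage lead rather than a verdict: the legitimate `iexplore.exe` is within distance 2 of `explorer.exe`, so confirm with the image path and signature before acting.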