Prevent kill my software though Task Manager.

[FL4SHC0D3R]

Hi,

I found a code that promises intercept and detour calls for TerminateProcess api and prevent kill my software directly across of Task Manager, but this don't is working and I can kill my process stilly across of Task Manager.

Here is the found code:

Code:

//////////////////////////////////////
//Project: TerminateProcess Hook    //
//Author: The-Eu4eH                 //
//Date: 3/08/09                     //
//Credits: Azorbix (DetourFunc)     //
//         MSDN (Infomation Heaven) //
//////////////////////////////////////
 
#include <windows.h>
#include <iostream>
 
typedef bool (WINAPI *tTerminateProcess)(HANDLE, UINT);
tTerminateProcess oTerminateProcess;
 
bool WINAPI hkTerminateProcess(HANDLE hProcess, UINT uExitCode)
{
    MessageBox( NULL, "Hello from the hooked Term. Process!", "Hiiiiyyyaaa", MB_OK);
    std::cout << "Yay it worked!";
    return 1;
}
 
/* Can you show me the what the src, dst, and the jmp BYTE actually
contains after each step? So, I can understand it? Thanks, man.*/
 
void *DetourFunc(BYTE *src, const BYTE *dst, const int len)
{
    BYTE *jmp = (BYTE*)malloc(len+5);
    DWORD dwback;
 
    VirtualProtect(src, len, PAGE_READWRITE, &dwback);
 
    memcpy(jmp, src, len);    
        jmp += len;
   
    jmp[0] = 0xE9;
    *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5; //this
 
    src[0] = 0xE9;
    *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;//this
       
    VirtualProtect(src, len, dwback, &dwback);
 
    return (jmp-len);//this
}
 
 
int main()
{
    std::cout << "Lets hook Terminate Process today." << std::endl;
    //Sleep(1500);
 
        //TerminateProcess(NULL, 0);
 
    oTerminateProcess = (tTerminateProcess)DetourFunc(
            (BYTE*)GetProcAddress(GetModuleHandle("kernel32.dll"), "TerminateProcess"),
            (BYTE*)hkTerminateProcess,
            5);
    if(oTerminateProcess == NULL)
    {
        std::cout << "Could not hook TerminateProcess." << std::endl; //
        return -2;
    }
 
    HMODULE hCurrentApp = GetModuleHandle(NULL);
    if(TerminateProcess(hCurrentApp, 0) != 0)
    {
        return 0;
    }
    else
    {
        return -3;
    }
}

I'm using this code in a dll, and putting on Form_Load event on Windows Form, also I already have tried inside a Thread with a loop (While True) and not solved nothing:

Someone can help me, saying me where I'm making wrong?

My computer works with:

system Windows 7 Ultimate 64 Bits

Thanks in advance.

[GCDEF]

Why would you want software that can't be killed using Task Manager?

[zerver]

I suggest make a driver/system service if it is task manager specifically that you are afraid about. Don't try to make an application that behaves like a virus.

[Igor Vartanov]

Someone can help me, saying me where I'm making wrong?

I'll tell you, and let's see how this can help. Imagine you really make a detour for TerminateProcess API inside your process. You know what that means? That means that your process won't be able to kill another process. Nice, but that's evidently not what you were after.

Now about makng wrong. Your biggest mistake is trusting statements about a code being not able to understand what the code really does. To understand something you have to learn that something. So, to understand Windows programs you have to learn Windows and Windows programming.

Hope this helps.