-
November 3rd, 2015, 05:23 PM
#1
Prevent kill my software through Task Manager.
Hi,
I found some code that promises to intercept and detour calls to the TerminateProcess API and prevent my software from being killed directly through Task Manager, but it isn't working and I can still kill my process through Task Manager.
Here is the code I found:
Code:
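//////////////////////////////////////
//Project: TerminateProcess Hook //
//Author: The-Eu4eH //
//Date: 3/08/09 //
//Credits: Azorbix (DetourFunc) //
// MSDN (Information Heaven) //
//////////////////////////////////////
#include <windows.h>
#include <cstdlib>   // malloc
#include <cstring>   // memcpy
#include <iostream>

// TerminateProcess returns BOOL (an int), not the C++ bool.
typedef BOOL (WINAPI *tTerminateProcess)(HANDLE, UINT);
tTerminateProcess oTerminateProcess;

// Replacement that runs when code in this process calls TerminateProcess.
BOOL WINAPI hkTerminateProcess(HANDLE hProcess, UINT uExitCode)
{
    MessageBoxA(NULL, "Hello from the hooked Term. Process!", "Hiiiiyyyaaa", MB_OK);
    std::cout << "Yay it worked!";
    return TRUE;
}

/* Can you show me the what the src, dst, and the jmp BYTE actually
contains after each step? So, I can understand it? Thanks, man.*/
// Note: the (DWORD) casts and the 5-byte E9 rel32 jump assume a 32-bit x86 build.
void *DetourFunc(BYTE *src, const BYTE *dst, const int len)
{
    if (src == NULL || dst == NULL || len < 5)
        return NULL;                       // main() checks for NULL on failure

    // Trampoline buffer: the saved bytes plus a jump back into the original.
    // It is heap memory, which is not executable when DEP is enabled;
    // this sample never calls through oTerminateProcess.
    BYTE *jmp = (BYTE*)malloc(len + 5);
    if (jmp == NULL)
        return NULL;

    DWORD dwback;
    // Keep the page executable while it is being patched.
    if (!VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwback))
    {
        free(jmp);
        return NULL;
    }

    memcpy(jmp, src, len);                 // save the first len bytes of the original
    jmp += len;
    jmp[0] = 0xE9;                         // jmp rel32 back to src+len
    *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5; //this
    src[0] = 0xE9;                         // jmp rel32 from the original entry to dst
    *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;//this
    VirtualProtect(src, len, dwback, &dwback);
    return (jmp-len);//this
}

int main()
{
    std::cout << "Lets hook Terminate Process today." << std::endl;
    //Sleep(1500);
    //TerminateProcess(NULL, 0);
    // Patches the TerminateProcess entry point in this process's address space.
    oTerminateProcess = (tTerminateProcess)DetourFunc(
        (BYTE*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "TerminateProcess"),
        (BYTE*)hkTerminateProcess,
        5);
    if(oTerminateProcess == NULL)
    {
        std::cout << "Could not hook TerminateProcess." << std::endl; //
        return -2;
    }
    // TerminateProcess takes a process handle, not a module handle.
    HANDLE hCurrentApp = GetCurrentProcess();
    if(TerminateProcess(hCurrentApp, 0) != 0)
    {
        return 0;
    }
    else
    {
        return -3;
    }
}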
I'm using this code in a DLL and calling it in the Form_Load event of a Windows Form. I have also already tried it inside a thread with a loop (While True), and that did not solve anything.
Can someone help me by telling me what I'm doing wrong?
My computer runs:
Windows 7 Ultimate 64-bit
Thanks in advance.
-
November 3rd, 2015, 07:29 PM
#2
Re: Prevent kill my software through Task Manager.
Why would you want software that can't be killed using Task Manager?
-
November 4th, 2015, 06:23 AM
#3
Re: Prevent kill my software through Task Manager.
I suggest making a driver/system service if it is Task Manager specifically that you are afraid of. Don't try to make an application that behaves like a virus.
Nobody cares how it works as long as it works
-
November 7th, 2015, 10:43 AM
#4
Re: Prevent kill my software through Task Manager.
Originally Posted by FL4SHC0D3R
Can someone help me by telling me what I'm doing wrong?
I'll tell you, and let's see how this can help. Imagine you really make a detour for the TerminateProcess API inside your process. You know what that means? That means that your process won't be able to kill another process. Nice, but that's evidently not what you were after.
Now about doing wrong. Your biggest mistake is trusting statements about code while not being able to understand what the code really does. To understand something you have to learn that something. So, to understand Windows programs you have to learn Windows and Windows programming.
Hope this helps.
Best regards,
Igor