Prevent user process from being killed with End Process from Process Explorer
When running my copy of that has Deny set on the Terminate permission (Process Explorer shows this).
Presumably they call SetKernelObjectSecurity
to change/remove the ACLs when their process loads.
How can I keep Task Manager from killing my program?
AV Programs like Kaspersky probably use a driver and use hook to prevent termination.
In your situation I would advise to set an ACL on the process, this prevents termination with Task Manager or cmdline tools (if the user does not have the Debug privilege). Of course the user can always use a tool like Process Explorer, take ownership of the process, set new ACL and Terminate.
If the user is not an administrator it would suffice to run the process in a different user context (eg launch it from a service).
Setting a process ACL is very easy with the Jedi Windows Security Library as this sample shows.
how to protect my process being killed?
You can't protect from being killed nor can you be notified. The only way is to have a sticky Service running (which is NOT recommended, unless absolutely necessary). This service will be restarted automatically sometime later.
How to stop my processes from idling or being killed?
So there are multiple issues with the code. First of all avoid infinite loops at all costs like in manage_queue
function. Note: I don't mean "avoid while True:
", because it doesn't mean that it is an infinite loop (for example you can have break
inside it).
With that being said the biggest problem (which we've discovered in long discussion in chat) is that get_tweet_object()
function sometimes fails with an exception and when that happens task_queue.task_done()
is never called and therefore task_queue.join()
never exits.
Another issue is that mixing while not task_queue.empty():
with task_queue.get()
is a race condition. What happens when two parallel threads run and task_queue
has exactly 1 element? One of them will hang forever. This should be replaced with task_queue.get(False)
with appropriate queue.Empty
catching. It looks like cosmetics, but the fact is that the race condition is dealt with in .get()
call. With that you also need to fill the queue before spawning threads.
All in all here are changes:
from queue import Empty
def do_multithreading(batches, counter, lock, proc):
"""Starts the multithreading"""
# Set the number of threads.
number_of_threads = 5
# Initializes the queue.
for batch in batches:
task_queue.put(batch)
# Starts the multithreading
for i in range(number_of_threads):
t = threading.Thread(target=manage_queue, args=[
task_queue, counter, lock, proc])
t.daemon = True
t.start()
task_queue.join()
def manage_queue(task_queue, counter, lock, proc):
while True:
try:
user = task_queue.get(False)
except Empty:
break
try:
get_tweet_objects(user, counter, lock, proc)
except Exception as exc:
print(exc)
finally:
task_queue.task_done()
def process_tasks(task_queue, counter, lock):
logger = multiprocessing.get_logger()
proc = os.getpid()
while True:
try:
user = task_queue.get(False)
except Empty:
break
try:
do_multithreading(user, counter, lock, proc)
except Exception as e:
logger.error(e)
logger.info(f'Process {proc} completed successfully')
return True
With that being said I strongly advice utilizing process/thread executors.
Delphi 7 - Prevent User From Killing Process in Task Manager
You can do it.
See the canonical answer on security StackExchange:
- Create a unterminable process in Windows
Short version:
- Pre-NT RegisterServiceProcess trick - marks your process as a "critical system service"
- Process naming tricks - TaskMgr refused to kill processes named
rpcss.exe
- Keep-alive processes - two processes keep relaunching each other
- User-mode hook TerminateProcess via loaded DLLs - block calls to terminate your process
- User-mode hook TerminateProcess via injected threads - block calls to terminate your process
- Kernel-mode call hooks - takeover any calls to TerminateProcess inside the kernel from a driver
- Direct kernel object manipulation (DKOM) - modify the kernel process list so your process is invisible
- Debugger tricks - if you debug your own process it cannot be killed
- Windows Protected Services - the OS feature to make a process unkillable
- Tool manipulation - modify TaskMgr, Process Explorer, pskill, taskkill binaries directly
Yes, anti-virus, anti-malware, and DRM software should not be able to defend itself from malware that gains administrative privileges. But Microsoft, McAfee, Cylance, WildVine, and the rest do it - and Microsoft endorses and enabled with with protected services. So here we are.
Related Topics
How to Redirect from Audio Output to Mic Input Using Pulseaudio
Determine Usb Device File Path
One Liner to Rename Bunch of Files
Systemd: Start Service at Boot Time After Network Is Really Up (For Wol Purpose)
Vim: Access to System Clipboard via Ssh - Linux to Os X
Wrong Payload When Using Bluez Stack as Peripheral
Alsa Cannot Set Sample Format[Ffmpeg]
How to "Expect" and "Send" After "Interact" Command
Undefined Reference to Symbol 'Dlsym@@Glibc_2.4'
Bumping Version Numbers for New Releases in Associated Files (Documentation)
Checkpoint/Restart Using Core Dump in Linux
How to Read Data from Excel Sheet in Linux Using Shell Script
How to Use Cx_Freeze in Linux to Create a Package to Be Used in Windows
Command for Finding Process Using Too Much Cpu