How to Protect My Process from Being Killed

Prevent user process from being killed with End Process from Process Explorer

When running my copy of that has Deny set on the Terminate permission (Process Explorer shows this).

Presumably they call SetKernelObjectSecurity to change/remove the ACLs when their process loads.

How can I keep Task Manager from killing my program?

AV Programs like Kaspersky probably use a driver and use hook to prevent termination.
In your situation I would advise to set an ACL on the process, this prevents termination with Task Manager or cmdline tools (if the user does not have the Debug privilege). Of course the user can always use a tool like Process Explorer, take ownership of the process, set new ACL and Terminate.

If the user is not an administrator it would suffice to run the process in a different user context (eg launch it from a service).

Setting a process ACL is very easy with the Jedi Windows Security Library as this sample shows.

how to protect my process being killed?

You can't protect from being killed nor can you be notified. The only way is to have a sticky Service running (which is NOT recommended, unless absolutely necessary). This service will be restarted automatically sometime later.

How to stop my processes from idling or being killed?

So there are multiple issues with the code. First of all avoid infinite loops at all costs like in manage_queue function. Note: I don't mean "avoid while True:", because it doesn't mean that it is an infinite loop (for example you can have break inside it).

With that being said the biggest problem (which we've discovered in long discussion in chat) is that get_tweet_object() function sometimes fails with an exception and when that happens task_queue.task_done() is never called and therefore task_queue.join() never exits.

Another issue is that mixing while not task_queue.empty(): with task_queue.get() is a race condition. What happens when two parallel threads run and task_queue has exactly 1 element? One of them will hang forever. This should be replaced with task_queue.get(False) with appropriate queue.Empty catching. It looks like cosmetics, but the fact is that the race condition is dealt with in .get() call. With that you also need to fill the queue before spawning threads.

All in all here are changes:

from queue import Empty

def do_multithreading(batches, counter, lock, proc):
    """Starts the multithreading"""

    # Set the number of threads.
    number_of_threads = 5

    # Initializes the queue.
    for batch in batches:
        task_queue.put(batch)

    # Starts the multithreading
    for i in range(number_of_threads):
        t = threading.Thread(target=manage_queue, args=[
                             task_queue, counter, lock, proc])
        t.daemon = True
        t.start()
    task_queue.join()

def manage_queue(task_queue, counter, lock, proc):
    while True:
        try:
            user = task_queue.get(False)
        except Empty:
            break

        try:
            get_tweet_objects(user, counter, lock, proc)
        except Exception as exc:
            print(exc)
        finally:
            task_queue.task_done()

def process_tasks(task_queue, counter, lock):
    logger = multiprocessing.get_logger()
    proc = os.getpid()
    while True:
        try:
            user = task_queue.get(False)
        except Empty:
            break
        try:
            do_multithreading(user, counter, lock, proc)
        except Exception as e:
            logger.error(e)
        logger.info(f'Process {proc} completed successfully')
    return True

With that being said I strongly advice utilizing process/thread executors.

Delphi 7 - Prevent User From Killing Process in Task Manager

You can do it.

See the canonical answer on security StackExchange:

  • Create a unterminable process in Windows

Short version:

  1. Pre-NT RegisterServiceProcess trick - marks your process as a "critical system service"
  2. Process naming tricks - TaskMgr refused to kill processes named rpcss.exe
  3. Keep-alive processes - two processes keep relaunching each other
  4. User-mode hook TerminateProcess via loaded DLLs - block calls to terminate your process
  5. User-mode hook TerminateProcess via injected threads - block calls to terminate your process
  6. Kernel-mode call hooks - takeover any calls to TerminateProcess inside the kernel from a driver
  7. Direct kernel object manipulation (DKOM) - modify the kernel process list so your process is invisible
  8. Debugger tricks - if you debug your own process it cannot be killed
  9. Windows Protected Services - the OS feature to make a process unkillable
  10. Tool manipulation - modify TaskMgr, Process Explorer, pskill, taskkill binaries directly

Yes, anti-virus, anti-malware, and DRM software should not be able to defend itself from malware that gains administrative privileges. But Microsoft, McAfee, Cylance, WildVine, and the rest do it - and Microsoft endorses and enabled with with protected services. So here we are.


Related Topics

How to Redirect from Audio Output to Mic Input Using Pulseaudio

Determine Usb Device File Path

One Liner to Rename Bunch of Files

Systemd: Start Service at Boot Time After Network Is Really Up (For Wol Purpose)

Syslog_R for Linux

Vim: Access to System Clipboard via Ssh - Linux to Os X

Wrong Payload When Using Bluez Stack as Peripheral

X-Axis Value on Gnuplot

Alsa Cannot Set Sample Format[Ffmpeg]

How to "Expect" and "Send" After "Interact" Command

Undefined Reference to Symbol 'Dlsym@@Glibc_2.4'

Bumping Version Numbers for New Releases in Associated Files (Documentation)

Checkpoint/Restart Using Core Dump in Linux

How to Read Data from Excel Sheet in Linux Using Shell Script

How to Use Cx_Freeze in Linux to Create a Package to Be Used in Windows

Command for Finding Process Using Too Much Cpu

Linux' Hrtimer - Microsecond Precision

Using the Linux Sysfs_Notify Call


Leave a reply



Submit