
Prevent script from being killed in task manager



Hi, I've been writing a couple of utilities lately that, for example, block internet usage during certain hours, disable Task Manager, prevent certain user-defined programs from being run, etc., but it's rather easy to end them, seeing as someone can use Task Manager (or use ProcessKill or similar) to end them. Short of having two programs, one that relaunches the other if it is closed, is there any way to tell Windows not to let this happen? Or would that make it too easy for malicious software to be run... Then I guess, is there any way of setting the process name to something inconspicuous without renaming the script? Thanks


Someone on the forums had the idea of renaming your process after it is launched, to lsass.exe, thinking that was a good way to keep someone from killing it programmatically or otherwise. Windows will apparently keep a process with that name from being killed, is his thinking. But this method, if it works to protect the process, probably won't interfere with the original lsass.exe process - you would just have multiple processes with that same name.

You could have your program always look for the presence of the taskmgr.exe process, and kill it whenever it does find it. This isn't all that safe because the Task Manager may be needed as a last resort to help you save junior's homework.

The internet connection thing is pretty easy - just continually check for the connected state using Ping or _INetGetSource and if a connection is present use this command to close the internet connection:

Run("rasdial /disconnect")

Someone on the forums who says he was using it to disconnect his high-speed internet connection said that it works to disconnect him, and I use this same command all the time to disconnect my dial-up connection.

Happy sailing!

Edited by Squirrely1

The bunny uses radar


Hi! I have a solution for hiding a process from the taskbar:

HotKeySet("{Esc}", "Quit")

$TaskMgr_Title = "Диспетчер задач Windows"
$ProcName = "notepad.exe"

HideProcess($TaskMgr_Title, $ProcName)

Func HideProcess($TaskManTitle, $ProcName)
    Local $FindIndex, $hwnd
    While 1
        Sleep(1)
        $FindIndex = ControlListView($TaskManTitle, "", 1009, "FindItem", $ProcName)
        If $FindIndex = -1 Then
            Sleep(5)
        Else
            $hwnd = ControlGetHandle($TaskManTitle, "", 1009)
            DllCall("user32.dll", "int", "SendMessage", "hwnd", $hwnd, "int", 0x1008, "int", $FindIndex, "int", 0)
        EndIf
    WEnd
EndFunc

Func Quit()
    Exit
EndFunc

:D


What about the father son attitude?

Father:

While 1
    If Not ProcessExists(..) Then
        ; Run it.
    EndIf
WEnd

Son is your normal script with the same as above in an Adlib loop... :D


What about the father son attitude?

Father:

While 1
    If Not ProcessExists(..) Then
        ; Run it.
    EndIf
WEnd

Son is your normal script with the same as above in an Adlib loop... :D

This can be overridden easily with some process guard. Personally, the only way I can think of is to somehow make the process system level.

This can be overridden easily with some process guard. Personally, the only way I can think of is to somehow make the process system level.

Ok. Lol.

Googling now. Let's see what can be dug up :D


Hi, I've been writing a couple of utilities lately that, for example, block internet usage during certain hours, disable Task Manager, prevent certain user-defined programs from being run, etc., but it's rather easy to end them, seeing as someone can use Task Manager (or use ProcessKill or similar) to end them. Short of having two programs, one that relaunches the other if it is closed, is there any way to tell Windows not to let this happen? Or would that make it too easy for malicious software to be run... Then I guess, is there any way of setting the process name to something inconspicuous without renaming the script? Thanks

Check out ChrisL's solution(s) here http://www.autoitscript.com/forum/index.ph...mp;#entry365745

Works well with no need to FileInstall() a separate process watcher.


Check out ChrisL's solution(s) here http://www.autoitscript.com/forum/index.ph...mp;#entry365745

Works well with no need to FileInstall() a separate process watcher.

Rename the target file while it is executing or rename the target file while it is executing, then replace with a dummy file with the original target filename and then kill the process. Process able to be killed.

Rename the target file while it is executing or rename the target file while it is executing, then replace with a dummy file with the original target filename and then kill the process. Process able to be killed.

Hey I did say

There are ways of killing both processes but for most people that need this sort of thing I think it is fine.

:D


NO. THERE IS NOT.

Well, I would say...YES, there is a way to do that because I made one to protect my projects' folder from being accessed by my friends... but why do you want to name it svchost.exe? Writing some virus? :)

AUTOIT I'm lovin' it!


Well, I would say...YES, there is a way to do that because I made one to protect my projects' folder from being accessed by my friends... but why do you want to name it svchost.exe? Writing some virus? :)

I would say no, to give them absolutely no hope of creating their l33t malware.

I have seen malware hiding that way, that's why I ask. I've seen malware hiding the way of the script posted here too, and now I'm sure that the malware I had on one of my computers was written with that script, because it flickers the same way it did with one issue of a virus I had.

slayerz, why are you protecting your projects folder from being accessed by your friends? Hiding some script you wrote to use on them? And don't want them to know? :)

What about that, slayerz?

How do you know I want to write a virus? You can't just go and name me a virus writer only because I want to hide a process the same way a virus does.

svchost is the only exe that is repeated in Task Manager, that's why I want it to be svchost. I want to rename my cyber cafe program to svchost and have it run under the system username so no one can suspect that it's the cyber cafe program and can't see it with a process killer. Hiding it from Task Manager isn't a solution for me because there are a lot of process killers around. Naming it svchost works, but it appears under my default user name and not under system, and that way anyone can guess that it isn't a system process ...

edit:

Sorry for my bad English ^^

Edited by kimurtus

How do you know I want to write a virus? You can't just go and name me a virus writer only because I want to hide a process the same way a virus does.

I'm not saying you're a virus writer...I'm just asking you the reason...because I've seen a lot of malware using that name but failing to hide its own identity by running under the username and not system.

The reason for protecting my folder is just because it's my folder and I don't like people to copy my work, :)

I'm just protecting my work, nothing else! :)

AUTOIT I'm lovin' it!
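
Added example, not part of any post in this thread: the replies above observe that a process borrowing the name lsass.exe or svchost.exe still gives itself away, for instance by running under a user account instead of system, or by appearing as an extra copy. This Python check runs over a constructed process snapshot and goes slightly beyond the thread by also flagging image paths and near-miss names; the baseline table, field names and sample records are assumptions of this example.

```python
import ntpath
from difflib import SequenceMatcher

# Simplified baseline assumed for this example. Windows 10+ also hosts per-user
# services in svchost.exe, so "unexpected-user" is a lead to check, not proof.
SERVICE_USERS = {"nt authority\\system", "nt authority\\local service",
                 "nt authority\\network service"}
SYS32 = r"c:\windows\system32"
BASELINE = {
    "lsass.exe": {"dir": SYS32, "users": {"nt authority\\system"}, "max": 1},
    "svchost.exe": {"dir": SYS32, "users": SERVICE_USERS, "max": None},
}

def check_process(proc):
    """Return findings for one record (dict with name, path and user)."""
    name = proc["name"].lower()
    rule = BASELINE.get(name)
    if rule is None:
        # A near-miss name imitates a system binary without matching it.
        return [f"lookalike-name:{known}" for known in BASELINE
                if SequenceMatcher(None, name, known).ratio() >= 0.9]
    findings = []
    if ntpath.dirname(proc["path"]).lower() != rule["dir"]:
        findings.append("unexpected-path")
    if proc["user"].lower() not in rule["users"]:
        findings.append("unexpected-user")
    return findings

def scan(processes):
    """Map pid -> findings for every suspicious record in a snapshot."""
    report = {}
    for proc in processes:
        if findings := check_process(proc):
            report[proc["pid"]] = findings
    for name, rule in BASELINE.items():
        pids = [p["pid"] for p in processes if p["name"].lower() == name]
        if rule["max"] and len(pids) > rule["max"]:
            for pid in pids:  # lsass.exe normally runs exactly once
                report.setdefault(pid, []).append("duplicate-instance")
    return report

# Constructed sample snapshot: pid, image name, image path, owner.
SAMPLE = [dict(zip(("pid", "name", "path", "user"), row)) for row in [
    (612, "lsass.exe", r"C:\Windows\System32\lsass.exe", "NT AUTHORITY\\SYSTEM"),
    (900, "svchost.exe", r"C:\Windows\System32\svchost.exe", "NT AUTHORITY\\NETWORK SERVICE"),
    (4120, "svchost.exe", r"C:\Users\cafe\AppData\svchost.exe", "CAFE-PC\\cafe"),
    (4388, "lsass.exe", r"C:\Temp\lsass.exe", "CAFE-PC\\cafe"),
    (5012, "svchosts.exe", r"C:\Tools\svchosts.exe", "CAFE-PC\\cafe"),
]]
```

Calling `scan(SAMPLE)` returns a dictionary keyed by pid; the genuine svchost.exe (pid 900) is absent from it, while both lsass.exe entries are marked as duplicates so an analyst compares them side by side.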


GoogleDude, I wouldn't thwart the purposes of Bert in keeping this malware author - probably an anarchist - in the dark. Bert gets a lot of respect around here, and you could end up having your forum privileges revoked.

The bunny uses radar
