none
How to make windows services that can't kill or end process in task manager? RRS feed

  • Question

  • I want to write a Windows service that could not kill the task manager.

    Like the Kaspersky service that show 'Access is denied' message.

    I want c# code...

    public static class Unkillable
        {
            [DllImport("ntdll.dll", SetLastError = true)]
            private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
    
            public static void MakeProcessUnkillable()
            {
                Process.EnterDebugMode();
                RtlSetProcessIsCritical(1, 0, 0);
            }
    
            public static void MakeProcessKillable()
            {
                RtlSetProcessIsCritical(0, 0, 0);
            }
        }

    I want a code similar to the code above to limit it to kill in taskmanager and show 'access is denied' message rather than put it in the Critical Process. Because this is a security service and should always be running.The problem with the above code is that if the service killed in any way, Windows crashes and a blue screen is displayed until Windows is automatically repaired.

    https://youtu.be/N0YisU6Kfd4
    • Edited by Ardian.Z Wednesday, September 18, 2019 6:09 PM
    Wednesday, September 18, 2019 11:49 AM

All replies

  • Hello,

    It's unclear to the intentions for this service. As written the thought is to simply not write code to prevent an action.


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    StackOverFlow
    profile for Karen Payne on Stack Exchange

    Wednesday, September 18, 2019 11:56 AM
    Moderator
  • You cannot. Every process in Windows other than those in the Trusted Base (of which only the OS is) can ultimately be terminated by an admin. Protected processes have limited access but can still be terminated. If you couldn't terminate it then there would be no way to debug or restart it anyway.

    Services can only be stopped by an admin. An admin can do everything. Why is this not sufficient? Other than malicious software I cannot think of a single case where this would make sense.


    Michael Taylor http://www.michaeltaylorp3.net

    Wednesday, September 18, 2019 1:47 PM
    Moderator
  • Hi Ardian.Z, 

    Thank you for posting here.

    I regret that C# may not make windows services that can't kill.

    I find a reference which use C++ and MFC to create an "unkillable" Windows Process.

    How to Create an "unkillable" Windows Process

    Besides, you can refer to some of the ideas in the following reference.

    How can I make a program that's impossible to be killed in Windows?

    Hope it can help you.

    Best Regards,

    Xingyu Zhao


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, September 20, 2019 6:01 AM
    Moderator