
How can I keep Task Manager from killing my program?

Is there any way to protect my Delphi application from being killed by the Windows task manager (or others like Process Explorer)?

I think Windows messages can do that (by doing a hook and intercepting the TerminateProcess message).

I want an example of this protection. The Kaspersky Anti-Virus suites are like this; we can't end their process in Task Manager.

djiga4me asked Dec 31 '09 01:12


2 Answers

As Kornel says, there is OS-level protection of processes isolated by users. But generally speaking, there's no way to stop your process from being terminated by a user with permission to do so. And a user has permission to terminate processes running as that user.

Even if you wanted to run it as SYSTEM, you couldn't use this process to interact with the logged on user. You'd need to run it as a service and it would have no GUI. You could try other approaches such as getting a DLL loaded into a process like Explorer.exe that users won't terminate because they don't want to, but that's just abusive.

It would be a very bad situation for end users if developers could just write applications that could not be terminated. If this is an internal application you might check Server Fault to see if there's some way of achieving it with Group Policy.

Josh answered Oct 24 '22 12:10


AV programs like Kaspersky probably use a driver and use a hook to prevent termination. In your situation I would advise setting an ACL on the process; this prevents termination with Task Manager or command-line tools (if the user does not have the Debug privilege). Of course the user can always use a tool like Process Explorer, take ownership of the process, set a new ACL and terminate it.

If the user is not an administrator it would suffice to run the process in a different user context (e.g. launch it from a service).

Setting a process ACL is very easy with the Jedi Windows Security Library as this sample shows.

Remko answered Oct 24 '22 13:10
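The process-ACL approach from Remko's answer, as an added example: this is not the JWSCL sample the answer refers to and not code from either poster. It calls the Win32 security API directly; the SDDL string, the program name and the procedure name are assumptions made for illustration.

```delphi
program DenyTerminate;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils; // Winapi.Windows, System.SysUtils when unit scope names are not configured

const
  SDDL_REVISION_1 = 1;
  // Constructed DACL (an assumption, not taken from the page):
  //   (D;;0x0001;;;WD)    deny Everyone PROCESS_TERMINATE (0x0001)
  //   (A;;0x1FFFFF;;;SY)  allow SYSTEM full process access
  //   (A;;0x1FFFFF;;;BA)  allow Administrators full process access
  // The deny ACE comes first, so it also applies to SYSTEM and Administrators
  // unless the caller has the Debug privilege enabled.
  ProcessSddl: WideString =
    'D:(D;;0x0001;;;WD)(A;;0x1FFFFF;;;SY)(A;;0x1FFFFF;;;BA)';

// Declared here because older Delphi RTL versions do not import it.
function ConvertStringSecurityDescriptorToSecurityDescriptorW(
  StringSD: PWideChar; Revision: DWORD; var SD: PSecurityDescriptor;
  SDSize: PDWORD): BOOL; stdcall; external 'advapi32.dll';

// Replaces the DACL of the current process with the one described above.
procedure DenyTerminateOnSelf;
var
  SD: PSecurityDescriptor;
begin
  SD := nil;
  if not ConvertStringSecurityDescriptorToSecurityDescriptorW(
    PWideChar(ProcessSddl), SDDL_REVISION_1, SD, nil) then
    RaiseLastOSError;
  try
    // The pseudo-handle from GetCurrentProcess carries WRITE_DAC access.
    if not SetKernelObjectSecurity(GetCurrentProcess,
      DACL_SECURITY_INFORMATION, SD) then
      RaiseLastOSError;
  finally
    LocalFree(HLOCAL(SD)); // the converted descriptor is LocalAlloc'ed
  end;
end;

begin
  DenyTerminateOnSelf;
  Writeln('DACL applied; press Enter to exit.');
  Readln;
end.
```

The limits stated in the answer still hold: a caller with the Debug privilege is not stopped by the DACL, and the process owner keeps the right to write a new DACL and then terminate the process.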