
Thread: VB6 Critical Process

  1. #1

    Thread Starter
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    VB6 Critical Process

    hi..
    I am creating server-client (employee) monitoring software. I want to protect the client app's process so that the user can't kill it, the way Task Manager shows "access denied" when we try to kill an antivirus process.
    i've tried this code:
    'Native api NtSetInformationProcess by SqUeEzEr
    '
    'Declarations used by MakeCritical and GetPrivilegs below: token-privilege
    'types and APIs from advapi32/kernel32, plus NtSetInformationProcess from ntdll.dll.
    '
    'SECURITY NOTE: information class 29 (ProcessBreakOnTermination) is the
    '"critical process" flag. Terminating a process that carries it brings the whole
    'system down with a bugcheck (BSOD), so any crash or forced exit of the
    'application can cost users their unsaved work. Self-protection of this kind is
    'also a malware technique and is likely to be flagged by endpoint security
    'tooling. For software that ordinary users must not stop, prefer a Windows
    'service installed by an administrator, which relies on normal access control.
    Option Explicit
    'Upper bound used for the Privileges() array in TOKEN_PRIVILEGES.
    Private Const ANYSIZE_ARRAY = 1
    'Access rights requested from OpenProcessToken in GetPrivilegs.
    Private Const TOKEN_ADJUST_PRIVILEGES = &H20
    Private Const TOKEN_QUERY = &H8
    'Attribute written to a privilege entry to request that it be enabled.
    Private Const SE_PRIVILEGE_ENABLED = &H2

    'Locally unique identifier; filled in by LookupPrivilegeValue.
    Private Type LUID
    LowPart As Long
    HighPart As Long
    End Type
    'One privilege (its LUID) together with its attribute flags.
    Private Type LUID_AND_ATTRIBUTES
    pLuid As LUID
    Attributes As Long
    End Type
    'Privilege list passed to and returned from AdjustTokenPrivileges.
    'NOTE(review): with the default Option Base 0, Privileges(ANYSIZE_ARRAY) has
    'elements 0 and 1, so Len() of this type covers two entries - confirm intended.
    Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
    End Type


    'Win32 APIs used by GetPrivilegs to open the current process token and adjust it.
    Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
    Private Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLUID As LUID) As Long
    Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
    Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long


    'Privilege name strings for LookupPrivilegeValue. Only SE_DEBUG_NAME is
    'referenced by the code in this listing; the others are unused here.
    'SECURITY NOTE: SeDebugPrivilege lets its holder open processes regardless of
    'their security descriptors. It is normally held only by administrators, and
    'enabling it in a user-facing application widens what a compromise of that
    'application can reach.
    Public Const SE_CREATE_TOKEN_NAME As String = "SeCreateTokenPrivilege"
    Public Const SE_ASSIGNPRIMARYTOKEN_NAME As String = "SeAssignPrimaryTokenPrivilege"
    Public Const SE_LOCK_MEMORY_NAME As String = "SeLockMemoryPrivilege"
    Public Const SE_INCREASE_QUOTA_NAME As String = "SeIncreaseQuotaPrivilege"
    Public Const SE_UNSOLICITED_INPUT_NAME As String = "SeUnsolicitedInputPrivilege"
    Public Const SE_MACHINE_ACCOUNT_NAME As String = "SeMachineAccountPrivilege"
    Public Const SE_TCB_NAME As String = "SeTcbPrivilege"
    Public Const SE_SECURITY_NAME As String = "SeSecurityPrivilege"
    Public Const SE_TAKE_OWNERSHIP_NAME As String = "SeTakeOwnershipPrivilege"
    Public Const SE_LOAD_DRIVER_NAME As String = "SeLoadDriverPrivilege"
    Public Const SE_SYSTEM_PROFILE_NAME As String = "SeSystemProfilePrivilege"
    Public Const SE_SYSTEMTIME_NAME As String = "SeSystemtimePrivilege"
    Public Const SE_PROF_SINGLE_PROCESS_NAME As String = "SeProfileSingleProcessPrivilege"
    Public Const SE_INC_BASE_PRIORITY_NAME As String = "SeIncreaseBasePriorityPrivilege"
    Public Const SE_CREATE_PAGEFILE_NAME As String = "SeCreatePagefilePrivilege"
    Public Const SE_CREATE_PERMANENT_NAME As String = "SeCreatePermanentPrivilege"
    Public Const SE_BACKUP_NAME As String = "SeBackupPrivilege"
    Public Const SE_RESTORE_NAME As String = "SeRestorePrivilege"
    Public Const SE_SHUTDOWN_NAME As String = "SeShutdownPrivilege"
    Public Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
    Public Const SE_AUDIT_NAME As String = "SeAuditPrivilege"
    Public Const SE_SYSTEM_ENVIRONMENT_NAME As String = "SeSystemEnvironmentPrivilege"
    Public Const SE_CHANGE_NOTIFY_NAME As String = "SeChangeNotifyPrivilege"
    Public Const SE_REMOTE_SHUTDOWN_NAME As String = "SeRemoteShutdownPrivilege"
    'Native API exported by ntdll.dll; called by MakeCritical to write a value for
    'the given process information class.
    Private Declare Function NtSetInformationProcess Lib "ntdll.dll" (ByVal hProcess As Integer, ByVal ProcessInformationClass As Integer, ByVal ProcessInformation As Long, ByVal ProcessInformationLength As Integer) As Integer
    Private Const ProcessBreakOnTermination As Long = 29
    'MakeCritical, which sets or clears that flag, follows.
    'Sets or clears the break-on-termination ("critical process") flag.
    '
    'Phandle - forwarded unchanged as the hProcess argument of
    '          NtSetInformationProcess, i.e. it is treated as a process handle.
    'Value   - True writes 29 into the Long that is passed to the API, False writes 0.
    '
    'No return type is declared and no value is assigned, so callers get nothing
    'back. The results of GetPrivilegs and NtSetInformationProcess are both
    'discarded, so a failure in either step is silent.
    '
    'SECURITY NOTE: while the flag is set, terminating the process bugchecks the
    'machine. That includes the application's own crashes, not only a user ending
    'it from a task manager. It does not stop a user who has the right to terminate
    'the process; it only raises the cost of doing so for everyone on the system.
    'Prefer access control (a service that standard users have no rights to stop)
    'over this flag.
    Public Function MakeCritical(Phandle As Long, Value As Boolean)
    'Enable SeDebugPrivilege on the current process token first; result is ignored.
    GetPrivilegs SE_DEBUG_NAME
    Dim ProcessInfo As Long

    If Value = True Then
    ProcessInfo = 29&
    Else
    ProcessInfo = 0&
    End If

    'The address and byte length of ProcessInfo are passed; the returned status is dropped.
    Call NtSetInformationProcess(Phandle, ProcessBreakOnTermination, VarPtr(ProcessInfo), Len(ProcessInfo))
    End Function
    'Requests that the named privilege be enabled in the current process token.
    '
    'privilegio - privilege name string, e.g. SE_DEBUG_NAME.
    'Returns    - the non-zero result of AdjustTokenPrivileges, or 0 (the default
    '             value of the function) if OpenProcessToken, LookupPrivilegeValue
    '             or AdjustTokenPrivileges returned 0.
    '
    'NOTE(review): AdjustTokenPrivileges can return non-zero even when the token
    'does not hold the requested privilege (last error ERROR_NOT_ALL_ASSIGNED), so
    'a non-zero return here does not prove the privilege is enabled - confirm
    'against the last error value before relying on it.
    'NOTE(review): hToken is never closed in this function, so each call leaves a
    'token handle open.
    Public Function GetPrivilegs(ByVal privilegio As String) As Long

    Dim lpLUID As LUID
    Dim lpToken As TOKEN_PRIVILEGES
    Dim lpAntToken As TOKEN_PRIVILEGES
    Dim hToken As Long
    Dim hProcess As Long
    Dim res As Long

    'Open the current process token with adjust and query access.
    hProcess = GetCurrentProcess()
    res = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken)
    If res = 0 Then
    Exit Function
    End If
    'Resolve the privilege name to its LUID; vbNullString is passed as the system name.
    res = LookupPrivilegeValue(vbNullString, privilegio, lpLUID)
    If res = 0 Then
    Exit Function
    End If
    'Build a one-entry privilege list marked as enabled.
    With lpToken
    .PrivilegeCount = 1
    .Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
    .Privileges(0).pLuid = lpLUID
    End With

    'False is passed for DisableAllPrivileges; lpAntToken receives the previous state.
    res = AdjustTokenPrivileges(hToken, False, lpToken, Len(lpToken), lpAntToken, Len(lpAntToken))
    If res = 0 Then
    Exit Function
    End If
    GetPrivilegs = res
    End Function
    and i called it with
    MakeCritical(clng(text1.text), True) 'note: text1.text is contained the current process ID
    When I call "MakeCritical", nothing happens; the process can still be killed normally through Task Manager. Can anyone please help me figure out what's wrong with the code above?
    Last edited by kkusuk; Sep 26th, 2012 at 08:41 PM.

  2. #2
    PowerPoster
    Join Date
    Feb 2012
    Location
    West Virginia
    Posts
    14,206

    Re: VB6 Critical Process

    It is hard for me to imagine a good reason to do something like this. If you are in control of what the users should be able to do on their system, then you could set a policy where they do not have the ability to use Task Manager. If you are just running some of your software and don't want them to kill it, then that smells fishy; I surely would not want it on my system.

  3. #3

    Thread Starter
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Re: VB6 Critical Process

    But I'm afraid that they will download an alternative to Task Manager and kill the client process. Will you help me figure it out?

  4. #4
    Junior Member
    Join Date
    Sep 2012
    Location
    Cascais, Portugal
    Posts
    31

    Re: VB6 Critical Process

    Another "client monitoring" app, eh? I entirely agree with DataMiser: there is no good reason to do this and no feasible way, either. If there were, it would be a virus programmer's dream!

  5. #5
    Lively Member
    Join Date
    Feb 2012
    Posts
    106

    Re: VB6 Critical Process

    It's working fine. Pass Process Handle instead of Process ID BTW this all work can be done in 3-4 lines of codes to generate BSOD on process termination.

    Regards,
    Last edited by green.pitch; Mar 7th, 2013 at 07:32 AM.

  6. #6
    PowerPoster
    Join Date
    Jan 2020
    Posts
    5,538

    Re: VB6 Critical Process

    Quote Originally Posted by green.pitch View Post
    It's working fine. Pass Process Handle instead of Process ID BTW this all work can be done in 3-4 lines of codes to generate BSOD on process termination.

    Regards,
    Which line of code? Is it that simple?

  7. #7
    Fanatic Member
    Join Date
    Jan 2013
    Posts
    813

    Re: VB6 Critical Process

    Quote Originally Posted by kkusuk View Post
    ... i want to protect client app process, so the user cant kill the process, like when we try to kill Antivirus process through task manager, its show "access denied".
    As others have said, this is a Bad Idea at best, Malware at worst.

    I'd suggest installing your process as a Windows Service (like your antivirus example).
    That way, your process can run in an elevated context, do what it likes and "normal" Users won't be able to get rid of it.

    Of course, someone with elevated access to the machine would have to install it in the first place, but that's a Good Thing.

    Regards, Phill W.
