I finally found it. I can call SetSecurityInfo, passing nil instead of an empty DACL. It seems that an empty DACL means "No permissions" and a null DACL means "All permissions".
Prevent Process Kill From Task Manager, Reversed
-
01-06-2022 - |
Вопрос
I use the code below to prevent the user from killing my program from Task Manager (I found it somewhere):
function PreventProcessKill: Integer;
var
hProcess:Thandle;
EmptyDacl: TACL ;
pEmptyDacl: PACL ;
dwErr : DWORD ;
begin
hProcess := GetCurrentProcess();
ZeroMemory(@EmptyDacl, SizeOF(tacl));
pEmptyDacl := @EmptyDacl;
if (not InitializeAcl(EmptyDacl, sizeof(tACL), 2)) then dwErr := GetLastError()
else dwErr := SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, nil, nil,
@EmptyDacl, nil);
Result:= dwErr;
end;
It works great, but at some point in my program I need to revert the effect and allow closing from Task Manager. Any ideas?
Решение 2
Другие советы
You are modifying the DACL when you call SetSecurityInfo. So, just before you do that call GetSecurityInfo and make a note of the original process DACL. When the time comes, call SetSecurityInfo again to restore it.
Do note that a determined user can also do this so you cannot actually stop them from killing the process. You are just making it a little awkward.
Не связан с StackOverflow