Wednesday, October 13, 2010

How to create an "unkillable" Windows process

Developers and users have been looking into how to kill Windows processes probably since the first day the operating system appeared. Besides the task manager, which can kill (practically) any process, there are many freeware and shareware programs that will do the dirty work of ending any process you select. But what do you do if you need to write an "unkillable" program?
Once I came across this problem, I analyzed how several adware programs, such as Gator Adware, were running, using methods that make it possible to avoid being ended by the user. As a result, I worked out a fairly simple solution, which is described in this article.
This example implements a process that is "eternal" only in relative terms: it is assumed that the user does not use any special technical tools to kill the process, only the task manager or similar software.
How it works
Since we cannot prevent the user from selecting our process in the task manager and choosing the "End Process" command, let's create two identical processes: one executes the program's code directly, while the other only monitors whether the main program is running. The first process also monitors whether the second, auxiliary process is running. With this implementation, no matter which of the two processes the user kills, the remaining process starts a working copy and our program continues to work.
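Seen from the defender's side, the two-process arrangement described above leaves a recognizable trace in process logs: shortly after an instance of an image is terminated, a new instance appears whose parent is the same image. The following is an added example, not code from the original article; the event tuples, paths and thresholds are constructed assumptions, and only the event numbers (1 = process created, 5 = process terminated) follow Sysmon.

```python
from collections import defaultdict
from datetime import datetime, timedelta

AGENT = r"C:\Apps\agent.exe"            # hypothetical self-restarting program
SHELL = r"C:\Windows\explorer.exe"
EDITOR = r"C:\Windows\notepad.exe"

# Constructed sample events: (event_id, time, image, parent_image).
EVENTS = [
    (1, "2010-10-13 09:00:00", AGENT, SHELL),    # user launches the program
    (1, "2010-10-13 09:00:01", AGENT, AGENT),    # it starts its watcher copy
    (5, "2010-10-13 09:05:00", AGENT, None),     # user ends one copy
    (1, "2010-10-13 09:05:01", AGENT, AGENT),    # the survivor restarts it
    (5, "2010-10-13 09:06:00", AGENT, None),     # user ends the other copy
    (1, "2010-10-13 09:06:02", AGENT, AGENT),    # restarted again
    (1, "2010-10-13 09:10:00", EDITOR, SHELL),   # benign: opened by the user
    (5, "2010-10-13 09:10:30", EDITOR, None),    # closed
    (1, "2010-10-13 09:10:32", EDITOR, SHELL),   # reopened by the user
]

def find_respawn_pairs(events, window=timedelta(seconds=5), min_hits=2):
    """Return {image: count} for images whose instances restart each other.

    A hit is a process creation whose parent runs the same image and which
    follows a termination of that image within `window`.
    """
    last_exit = {}                 # image -> time of most recent termination
    hits = defaultdict(int)
    for event_id, stamp, image, parent in sorted(events, key=lambda e: e[1]):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        image = image.lower()      # Windows paths are case-insensitive
        if event_id == 5:
            last_exit[image] = when
        elif event_id == 1:
            same_image_parent = parent is not None and parent.lower() == image
            recent_exit = image in last_exit and when - last_exit[image] <= window
            if same_image_parent and recent_exit:
                hits[image] += 1
    return {img: n for img, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    for img, n in find_respawn_pairs(EVENTS).items():
        print(f"{img}: respawned by a sibling instance {n} times")
```

The initial launch of the watcher copy is not counted because no termination precedes it, and the reopened editor is not counted because its parent is a different image.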

Read more: Codeproject