I've read articles saying that Ctrl+Alt+Del is an in-built Windows combination and cannot be disabled.

Basically, I'm trying to make something like an anti-virus and most antivirus tools are practically impossible to shutdown by using CTRL+ALT+DEL combination. The moment one shuts down the process, another instance runs in a way that process never ends, or if a user tries "killing" the process, it says "Access Denied".

Something like what happens when one tries terminating Avast or other antivirus programs by using Ctrl+Alt+Del

So that a malware cannot screw up the antivirus settings.

Also, I need this application to keep checking if its registry settings are being modified by a user / malware and undo it.

Thanks a lot!

**
PS: I plan to program my software/application in unmanaged C++**

EDIT:
I've found out the .NET's CanStop property, but .NET can't be trusted for it can easily be reverse engineered.

Sounds like a virus to me.. but programming is programming so it doesn't bother me..

void LockTaskManager(bool Lock, HWND hwnd)      //Pass it the handle to itself..
{
    HMENU hMnu = ::GetSystemMenu(hwnd, FALSE);
    ::RemoveMenu(hMnu, SC_CLOSE, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_SIZE, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_SEPARATOR, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_STATUS_PROCESS_INFO, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_MOVE, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_MAXIMIZE, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_MINIMIZE, MF_BYCOMMAND);

     stringstream SS;
     SS<<"REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v DisableTaskMgr /t REG_DWORD /d "<<Lock<<" /f";
     system(SS.str().c_str());
     //system("REG add HKCU\\Software\\Policies\\Microsoft\\Windows\\System /v DisableCMD /t REG_DWORD /d 0 /f");
     //REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
}

void FindProcess(bool UseProcesses)
{
    HWND Window = FindWindow("TaskManagerWindow", "Task Manager");
    if (Window != 0)
    {
        int OldValue = GetWindowLong(Window, GWL_EXSTYLE);
        int NewOldValue = SetWindowLong(Window, GWL_EXSTYLE, OldValue | WS_EX_LAYERED);
        SetLayeredWindowAttributes(Window, 0, 0, LWA_ALPHA);
    }

    if (UseProcesses)
    {
        char cProcess[80] = "taskmgr.exe";
        DWORD dwReturn = CountProcesses(cProcess);
        dwReturn = CountProcesses(cProcess);
        if(dwReturn != -1)
        {
            if(dwReturn == 1)
            {
                if (Lock)
                    system("taskkill /IM taskmgr.exe");
            }
        }
    }
}

Don't even bother trying to give a circumvented explanation on the legitimacy of your purposes for this type of code. You're not talking to idiots who were born yesterday, don't insult our intelligence.

Basically, I'm trying to make something like an anti-virus and most antivirus tools are practically impossible to shutdown by using CTRL+ALT+DEL combination. The moment one shuts down the process, another instance runs in a way that process never ends, or if a user tries "killing" the process, it says "Access Denied".

I just not sure that can be reliable done from User Mode. You may want to Google Direct Kernel Object Manipulation (DKOM) to determine whether or not it meets your requirements.

This article has been dead for over six months. Start a new discussion instead.