I've read articles saying that Ctrl+Alt+Del is an in-built Windows combination and cannot be disabled.

Basically, I'm trying to make something like an anti-virus, and most antivirus tools are practically impossible to shut down by using the CTRL+ALT+DEL combination. The moment one shuts down the process, another instance runs in a way that the process never ends, or if a user tries "killing" the process, it says "Access Denied".

Something like what happens when one tries terminating Avast or other antivirus programs by using Ctrl+Alt+Del.

So that a malware cannot screw up the antivirus settings.

Also, I need this application to keep checking if its registry settings are being modified by a user / malware and undo it.

Thanks a lot!

**PS: I plan to program my software/application in unmanaged C++**

EDIT:
I've found out about .NET's CanStop property, but .NET can't be trusted, for it can easily be reverse engineered.

All 3 Replies

Sounds like a virus to me.. but programming is programming so it doesn't bother me..

```cpp
void LockTaskManager(bool Lock, HWND hwnd)      //Pass it the handle to itself..
{
    HMENU hMnu = ::GetSystemMenu(hwnd, FALSE);
    ::RemoveMenu(hMnu, SC_CLOSE, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_SIZE, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_SEPARATOR, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_STATUS_PROCESS_INFO, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_MOVE, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_MAXIMIZE, MF_BYCOMMAND);
    ::RemoveMenu(hMnu, SC_MINIMIZE, MF_BYCOMMAND);

    stringstream SS;
    SS<<"REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v DisableTaskMgr /t REG_DWORD /d "<<Lock<<" /f";
    system(SS.str().c_str());
    //system("REG add HKCU\\Software\\Policies\\Microsoft\\Windows\\System /v DisableCMD /t REG_DWORD /d 0 /f");
    //REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
}

void FindProcess(bool UseProcesses)
{
    HWND Window = FindWindow("TaskManagerWindow", "Task Manager");
    if (Window != 0)
    {
        int OldValue = GetWindowLong(Window, GWL_EXSTYLE);
        int NewOldValue = SetWindowLong(Window, GWL_EXSTYLE, OldValue | WS_EX_LAYERED);
        SetLayeredWindowAttributes(Window, 0, 0, LWA_ALPHA);
    }

    if (UseProcesses)
    {
        char cProcess[80] = "taskmgr.exe";
        DWORD dwReturn = CountProcesses(cProcess);
        dwReturn = CountProcesses(cProcess);
        if(dwReturn != -1)
        {
            if(dwReturn == 1)
            {
                if (Lock)
                    system("taskkill /IM taskmgr.exe");
            }
        }
    }
}
```
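
A read-only audit for the three policy values named in the code above (`DisableTaskMgr`, `DisableRegistryTools`, `DisableCMD`), as an added example that is not part of the original thread. It goes beyond the HKCU-only case in the post by checking every user hive currently loaded under `HKEY_USERS`; the function name `Get-PolicyTamperFinding` is hypothetical.

```powershell
# Added example (not from the thread): report where the policy values that the
# reply's code writes are present, per loaded user hive. Nothing is modified.

# Sub-key paths and value names are the ones that appear in the post.
$PolicyValues = @(
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ SubKey = 'Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD' }
)

function Get-PolicyTamperFinding {
    param([hashtable[]]$Values = $PolicyValues)

    # Each loaded profile appears as HKEY_USERS\<SID>; skip the *_Classes hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }

    foreach ($hive in $hives) {
        foreach ($v in $Values) {
            $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$($v.SubKey)"
            $name = $v.Name
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }   # key or value absent: default state

            $data = $item.$name
            [pscustomobject]@{
                Sid      = $hive.PSChildName
                SubKey   = $v.SubKey
                Name     = $name
                Data     = $data
                # Any non-zero data means the tool is blocked for that user.
                Blocking = ($data -ne 0)
            }
        }
    }
}

# Show only the values that are actively blocking a tool.
Get-PolicyTamperFinding | Where-Object Blocking | Format-Table -AutoSize
```

Run it elevated to read hives belonging to other logged-on users; on a machine where these settings are not deployed through Group Policy, any row in the output deserves investigation.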

Don't even bother trying to give a circumvented explanation on the legitimacy of your purposes for this type of code. You're not talking to idiots who were born yesterday, don't insult our intelligence.

> Basically, I'm trying to make something like an anti-virus, and most antivirus tools are practically impossible to shut down by using the CTRL+ALT+DEL combination. The moment one shuts down the process, another instance runs in a way that the process never ends, or if a user tries "killing" the process, it says "Access Denied".

I'm just not sure that can be reliably done from user mode. You may want to Google Direct Kernel Object Manipulation (DKOM) to determine whether or not it meets your requirements.
