How to write an unkillable process for Windows?

Question

I\'m looking for a way to write an application. I use Visual C++ 6.0.

I need to prevent the user from closing this process via task manager.

Answer 1

What I've learned from malware:

• Create a process that spawns a dozen of itself
• Each time you detect that one is missing (it was killed) spawn a dozen more.
• Each one should be a unique process name so that a batch process could not easily kill all of them by name
• Sequentially close and restart some of the processes to keep the pids changing which would also prevent a batch kill

Answer 2

Raymond Chen on why this is a bad idea.

Answer 3

The oldest idea in the world, two processes that respawn each other?

Answer 4

I just stumbled upon this post while trying to find a solution to my own (unintentional) unkillable process problem. Maybe my problem will be your solution.

1. Use jboss Web Native to install a service that will run a batch file (modify service.bat so that it invokes your own batch file)
2. In your own batch file, invoke a java process that performs whatever task you'd like to persist
3. Start the service. If you view the process in process explorer, the resulting tree will look like:

jbosssvc.exe -> cmd.exe -> java.exe

1. use taskkill from an administrative command prompt to kill cmd.exe. Jbosssvc.exe will terminate, and java.exe will be be an orphaned running process that (as far as I can tell) can't be killed. So far, I've tried with Taskmanager, process explorer (running as admin), and taskkill to no avail.

Disclaimer: There are very few instances where doing this is a good idea, as everyone else has said.

Answer 5

You can make an unkillable process, but it won't be able to accomplish anything useful while it's unkillable. For example, one way to make a process unkillable is to have it make synchronous I/O requests to a driver that can never complete (for example, by deliberately writing a buggy driver). The kernel will not allow a process to terminate until the I/O requests finish.

So it's not quite true that you "can't do it" as some people are saying. But you wouldn't want to anyway.

Answer 6

Depends on the users permission. If you run the program as administrator a normal user will not have enough permissions to kill your process. If an administrator tries to kill the process he will in most cases succeed. If you really want someone not to kill you process you should take a look at windows system services and driver development. In any case, please be aware that if a user cannot kill a process he is stuck with it, even though it behaves abnormally duo to bugs! You will find a huge wealth of these kind of programs/examples on the legal! site rootkit.com. Please respect the user.