Tcc Antivirus Prevent From Terminating Process Delphi

Question

Tcc Antivirus Prevent From Terminating Process Delphi

Asked 8 years, 4 months ago

Viewed 232 times

1

I am completing a project, creating an application that simulates an antivirus.

The application is in Delphi, what I want to know is how antivirus do to register a process as user system, and when you click to finish the process appears , 'Access Denied!'.

Below I found a light only that records the process in the system, but without success.

Function RegisterServiceProcess(DwProcessID, dwType: DWord): DWord; StdCall; External 'KERNEL32.dll';
//Para chamar
RegisterServiceProcess(GetCurrentProcessID, 1);

Some light?

Good evening, maybe this post reads help... http://www.activedelphi.com.br/forum/viewtopic.php?t=62164&sid=9c81985c50d8cd96b914bdc6f263d66f

– Rodrigo

2016/02/11 at 06:47

1 answer

Browser other questions tagged delphi delphi-7 delphi-xe3

You are not signed in. Login or sign up in order to post.

by Junior Moreira • **7,299** points · Answer 1 · 2016-02-11T10:37:55+00:00

In Form Create add the call to that function:

function PreventProcessKill: Integer;
var
  hProcess:Thandle;
  EmptyDacl: TACL ;
  pEmptyDacl: PACL ;
  dwErr : DWORD ;
begin
  hProcess := GetCurrentProcess();
  ZeroMemory(@EmptyDacl, SizeOF(tacl));
  pEmptyDacl := @EmptyDacl;

  if (not InitializeAcl(EmptyDacl, sizeof(tACL), 2)) then
    dwErr := GetLastError()
  else  
    dwErr := SetSecurityInfo(OpenProcess(PROCESS_ALL_ACCESS, False, GetCurrentProcessID),
             SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, nil, nil, @ACL, nil);
  Result:= dwErr;
end;

You need to declare in uses: Aclapi and Accctrl.

Note: Accctrl is a Dll, usually not found in all versions windows