TCC antivirus: prevent a Delphi process from being terminated

1

I am completing a project, creating an application that simulates an antivirus.

The application is in Delphi. What I want to know is how antiviruses register a process as a system user process, so that when you click to end the process, 'Access Denied!' appears.

Below is a hint I found that registers the process in the system, but without success.

```delphi
function RegisterServiceProcess(dwProcessID, dwType: DWORD): DWORD; stdcall; external 'KERNEL32.dll';
// To call
RegisterServiceProcess(GetCurrentProcessID, 1);
```

Any light?

    
asked by anonymous 11.02.2016 / 07:39

1 answer

1

In the form's Create, add the call to this function:

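```delphi
function PreventProcessKill: Integer;
var
  hProcess: THandle;
  EmptyDacl: TACL;
  pEmptyDacl: PACL;
  dwErr: DWORD;
begin
  // Pseudo-handle to the current process; it does not need to be closed.
  hProcess := GetCurrentProcess();
  ZeroMemory(@EmptyDacl, SizeOf(TACL));
  pEmptyDacl := @EmptyDacl;

  // Build an empty DACL (no ACEs); 2 = ACL_REVISION.
  if not InitializeAcl(EmptyDacl, SizeOf(TACL), 2) then
    dwErr := GetLastError()
  else
    // Replace the process object's DACL with the empty one, so that
    // requests for access rights such as PROCESS_TERMINATE are refused.
    dwErr := SetSecurityInfo(hProcess, SE_KERNEL_OBJECT,
             DACL_SECURITY_INFORMATION, nil, nil, pEmptyDacl, nil);
  // ERROR_SUCCESS (0) on success, otherwise a Win32 error code.
  Result := dwErr;
end;
```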

You need to declare in uses: AclAPI and AccCtrl.

Note: AccCtrl is a DLL, usually not found on all versions of Windows.

    
11.02.2016 / 11:37
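
An added example, not part of the original answer: a console program that applies the same empty DACL and then checks that it took effect by requesting a new `PROCESS_TERMINATE` handle to itself. The names `ApplyEmptyDacl` and `TerminateIsDenied` are hypothetical. The restriction only affects access checks against the DACL: the object's owner keeps implicit `WRITE_DAC`, and a caller with `SeDebugPrivilege` enabled is not stopped by it.

```delphi
program CheckProcessDacl;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils, AclAPI, AccCtrl;

// Applies an empty DACL to the current process object.
// Returns ERROR_SUCCESS or a Win32 error code.
function ApplyEmptyDacl: DWORD;
var
  EmptyDacl: TACL;
begin
  ZeroMemory(@EmptyDacl, SizeOf(EmptyDacl));
  if not InitializeAcl(EmptyDacl, SizeOf(EmptyDacl), 2) then // 2 = ACL_REVISION
    Result := GetLastError
  else
    Result := SetSecurityInfo(GetCurrentProcess, SE_KERNEL_OBJECT,
      DACL_SECURITY_INFORMATION, nil, nil, @EmptyDacl, nil);
end;

// True when a fresh request for PROCESS_TERMINATE on this process is
// refused with ERROR_ACCESS_DENIED, i.e. the DACL is being enforced.
function TerminateIsDenied: Boolean;
var
  h: THandle;
begin
  h := OpenProcess(PROCESS_TERMINATE, False, GetCurrentProcessId);
  Result := (h = 0) and (GetLastError = ERROR_ACCESS_DENIED);
  if h <> 0 then
    CloseHandle(h);
end;

var
  Err: DWORD;
begin
  Writeln('Terminate denied before: ', TerminateIsDenied);
  Err := ApplyEmptyDacl;
  if Err <> ERROR_SUCCESS then
  begin
    Writeln('Applying the DACL failed: ', SysErrorMessage(Err));
    Halt(1);
  end;
  Writeln('Terminate denied after: ', TerminateIsDenied);
end.
```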