Oct 19 2007, 06:11 PM
Post #11
Premium Member Group: [HOSTED] Posts: 393 Joined: 9-March 07 From: Tucson, AZ Member No.: 20,794
Non root users can read the process table, sure...but none of them can kill tasks that aren't their own. The task manager does in fact just query the process table to enumerate all running processes.

Oct 19 2007, 06:41 PM
Post #12
Techno-Necromancer Group: Members Posts: 1,018 Joined: 13-January 05 From: The Net Member No.: 2,127
It has to do more than just read all running processes, otherwise hiding a process would be impossible. If you remove a process from the process table, it becomes lost, which is very bad. Thus there must be some sort of flag or something which can be set and checked for each process as to whether or not it should be listed.
~Viz

Oct 19 2007, 10:08 PM
Post #13
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833 myCENTs:89.25
Thing is, by hitting the keys or starting up a task monitor, aren't you making it become open by you..... meaning it can be closed by you and probably faked by a piece of software, if the direct approach doesn't work under a secure account.
There is more than one way to skin a cat, so to speak lol. Mine technically doesn't "shut down" or "end" any tasks, it just closes them as soon as they open, to a point of speed where you would be lucky to notice it even showing up, you could catch it, but that would be useless, it goes too fast to do anything with it....... I made it a configurable option though (the program is password protected and has a special global key assignment to bring up the password dialog box to re-open the visuals), it's only really meant if anyone that uses your computer is as smart as me and would know something is wrong and fix it quickly lol (well I still could anyway actually).

Oct 19 2007, 11:09 PM
Post #14
Sparkx Group: [HOSTED] Posts: 366 Joined: 11-October 06 From: Dana Point, CA, USA Member No.: 16,496 myCENTs:44.66
I don't get it. Why would you want to disable task manager? Unless you were a school, library etc. that needs the security so you don't turn off their keyloggers/spyware. But after reading this topic it does not look like it is a very secure way to disable task manager (apparently you could just re-add the key to the registry). I like jimmy89's code that re-enables it. I am very surprised how much you can do to windows xp (or any windows computer in this case) just by editing the registry. It is a little scary how easy it would be to get a virus that deleted key things (that is if you don't have a firewall). Maybe it is just me, after all I don't even trust myself to make major edits to the registry.
Thanks, Sparkx

Oct 20 2007, 12:16 AM
Post #15
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833 myCENTs:89.25
To stop a normal user from shutting down your application, like monitoring software used for children etc (my 5 year old sister can already use the net, run programs, find them even in hidden places, log into websites and email, shut down unwanted processes, and she's had next to no help in learning it).
The thing with the program I am working on, is it's not impossible to remove and it doesn't do anything harmful by any means, it's meant for the owner of the computer who might want to know a little bit more definite information about what others who are accessing it are doing with it. No different really than having a camera setup in a small or larger business to see what people who use your shop are doing (like shop lifters or plain idiots), etc.

Oct 20 2007, 01:24 AM
Post #16
Techno-Necromancer Group: Members Posts: 1,018 Joined: 13-January 05 From: The Net Member No.: 2,127
QUOTE(sparkx)
I am very surprised how much you can do to windows xp (or any windows computer in this case) just by editing the registry.

Possibly unsurprisingly, there is a registry key that prevents access to the registry through regedit, and I believe there is also another key that prevents all changes to the registry, so you can't install new programs.
~Viz

Oct 22 2007, 09:52 PM
Post #17
Super Member Group: [HOSTED] Posts: 557 Joined: 25-April 05 Member No.: 4,374 myCENTs:17.04
As mentioned before, the purpose of disabling the task manager is to lock the computer down for unprivileged users. It is a supported design feature in Windows that can be enabled alongside things like disabling the run button on the start menu.
Has anyone gone to the site mentioned in the third post (www.winPadlock.uni.cc)? It appears to be a virus site to me. There is no information and it pushes you to only download the program. I also experienced several pop-ups and script error messages. This all indicates a possible virus. All of this is under the title of rootkits. The main purpose of a rootkit is to hide processes or activities from the user. It also goes a step further and runs at the kernel level. This makes it extremely difficult to defend against once the rootkit has successfully entered the system. You can forget about antivirus because the file system is lying to the antivirus application about what is on the system. I just got through a great book a few months ago called “Rootkits: Subverting the Windows Kernel” (http://www.amazon.com/Rootkits-Subverting-Addison-Wesley-Software-Security/dp/0321294319). It basically tells you how to do exactly what is in this thread. All of the examples are in C and it is very technically oriented so be prepared for a difficult read. Overall I will recommend it to anyone interested in this area of computer security.
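
Added example, not part of any post in this thread: a read-only PowerShell audit that reports whether the lockdown policies discussed above (Task Manager disabled, regedit disabled, Run removed from the Start menu) are set for the current user or machine-wide. The value names DisableTaskMgr, DisableRegistryTools and NoRun are the standard Windows policy value names and are not quoted anywhere in the thread; the variable names are illustrative.

```powershell
# Added example: read-only audit of the Windows lockdown policies discussed above.
# Value names are the standard Windows policy names; they are not quoted in the thread.
$checks = @(
    @{ Key  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr';       Effect = 'Task Manager is blocked' },
    @{ Key  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'; Effect = 'regedit is blocked' },
    @{ Key  = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoRun';                Effect = 'Run is removed from the Start menu' }
)

$report = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($c in $checks) {
        $path = '{0}\{1}' -f $hive, $c.Key
        # A missing key or value simply means the policy was never configured.
        $prop = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $data  = $null
            $state = 'not set'
        } else {
            $data  = $prop.($c.Name)
            # Any non-zero data turns the restriction on.
            $state = if ($data -ne 0) { 'ENABLED: ' + $c.Effect } else { 'present but 0 (off)' }
        }
        New-Object PSObject -Property @{
            Path = $path; Value = $c.Name; Data = $data; State = $state
        }
    }
}

# Nothing is modified; the script only lists what it found.
$report | Select-Object State, Value, Data, Path | Format-Table -AutoSize

# Summarise active restrictions so a scheduled run can be grepped or alerted on.
$active = @($report | Where-Object { $_.State -like 'ENABLED*' })
if ($active.Count -gt 0) {
    Write-Warning ("{0} lockdown policy value(s) are active on this machine." -f $active.Count)
}
```

On a machine that nobody deliberately locked down, an ENABLED row means something wrote that value to the registry and is worth tracing back to its source.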

Oct 23 2007, 12:00 AM
Post #18
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833 myCENTs:89.25
Yeah that is one avenue to go, but I think it can be dangerous and just open up more exploits which probably isn't a good idea.
I would rather not play with someone else's kernel lol.

Oct 23 2007, 05:32 AM
Post #19
Colonel Panic Group: [MODERATOR] Posts: 2,890 Joined: 25-March 05 From: Toronto, Ontario, Canada Member No.: 3,233 myCENTs:37.19
What's the point into this anyways? Also, this clearly shows that Microsoft Windows is very buggy, there's so many holes!
xboxrulz

Oct 23 2007, 05:39 AM
Post #20
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833 myCENTs:89.25
Into mine?
To ensure anyone with half a brain cannot find and take off the application (which is intended for computer owners/administrators who have other individuals using their machines and want to monitor specific things). The way I do things is not a windows bug, exploit or issue, all I do is force the window to exit when it's opened using a timer, it's very simple, fast and effective, even if not too elegant. I could do it on Mac, I could do it on Linux, I can do it on any of them if I have to. It's a matter of knowing how, no OS can block all avenues even on this particular point because that would be way too restrictive in other ways that just are not worth it.