CodePudding user response:
Can use to protect the process tool to protect and hide application processCodePudding user response:
Reference 360 program, the application layer can't over 360 process, mechanism of he is with other programs start in advance, and then the hooks live to kill (end) process of the interface, the starting mechanism can look for related information (hook DLL interface mechanism of anti-virus software commonly used, Microsoft should not open this document), and 360 will not let you hook system DLL (so way is useless), the method is as follows,Design a daemon (monitor. Exe), hook TerminalProcess interface, specific in the system which DLL can refer to the MSDN documentation, the problem is that 360 has a security mechanism, your hook will fail,
Assume that you don't want to kill the process for (alwaysalive. Exe)
Daemon first hook TerminalProcess interface, and then obtain alwaysalive. Exe process handle (process didn't start the daemon is what also don't do), while other processes (mouse through taskbar operating system process) try to end alwaysalive. Exe, the bottom will be called to TerminalProcess interface, because you daemon hook TerminalProcess interface, ahead of the call operation will go first to your hook interface, you can get the current process handle is killed by you allow alwaysalive. Exe, if you don't want to kill by him, daemon directly play window prompts,
The last question is if you don't understand the DLL - hook mechanism, can go to the online access to relevant data, download some code, see more,
The mechanism of don't let others to kill their Suggestions don't got,
CodePudding user response:
360 is to deny accessCodePudding user response:
The system is a process of false