Design And Implementation Of Windows Process Protection Tools

Posted on: 2016-07-17
Degree: Master
Type: Thesis
Country: China
Candidate: W Wang
GTID: 2308330473952227
Subject: Software engineering
Abstract/Summary:
With the spread of computers and the Internet, computers have become an essential tool in daily life, for example in study and office work. Windows, a mainstream operating system, is a multitasking, multi-process system that allows multiple processes to run simultaneously. In some situations, however, we want certain processes to run in the system such that other users can neither shut them down nor learn of their existence. Hiding and protecting processes in Windows is therefore particularly important.

Using remote thread injection and DLL API hooking at the application layer, it is possible to modify the execution flow of API functions in Task Manager, add code to that flow, and perform preprocessing before the normal function executes. In this way the information about the relevant process can be hidden and the process protected.

Based on remote-thread DLL injection and modification of the import table in memory, API hooking on the Windows XP platform can be used to hide and protect simple processes. On this basis we build a process hiding and protection system in which users hide and protect their processes by setting hiding and protection rules in Task Manager for the relevant processes. The system has the following functions: hiding designated processes in Task Manager, and preventing the user from closing specified processes through Task Manager.

System testing shows that the process hiding and protection system works well and correctly implements hiding and protection of the specified processes, providing basic protection for the whole system. The protection system is easy to use: the protection function can be turned on and off through the user interface, and the protection rules can be set flexibly. Testing also shows that the system meets the daily needs of system protection and can be used on PCs and in settings where system resources are limited and the requirements are relatively simple.
Keywords/Search Tags: DLL Injection, API HOOK, Hidden Process, Process Protection