A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #15239  by utsav.0202
 Fri Aug 17, 2012 3:42 pm
Hi

I want to protect my process from the EndTask API on 64-bit Windows 7.
I am handling WM_CLOSE by returning 0 from it.

On calling EndTask from a sample application on the window of my process, the Windows End Program ("The program is not responding...") dialog box appears.
If I press "End Now", my process terminates. If I press Cancel, the process continues.

Where am I going wrong?

Is there any other way to hide my windows from other applications?
 #15240  by Vrtule
 Fri Aug 17, 2012 4:24 pm
Hello,

Except for sending a message to your application (I am not sure whether it is WM_CLOSE or WM_QUIT), the EndTask routine attempts to terminate the target process via the ZwOpenProcess / ZwTerminateProcess approach, if the messages turn out not to do their job.
 #15242  by EP_X0FF
 Sat Aug 18, 2012 1:28 am
utsav.0202 wrote: Is there any other way to hide my windows from other applications?
No. But you can make the attacker's task harder by using random attributes for the window, such as the title and class name. The best approach is a service application plus a GUI application. When the GUI application terminates unexpectedly (without, for example, setting a global flag or signaling some event), the service automatically re-launches the GUI process and maybe displays some warnings/errors to the user (and/or in the event log).
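One way to implement the service-plus-GUI supervisor described in the post above, as an added PowerShell example that is not code from this thread or any of its posters. The GUI path, the name of the "clean exit" event, and running the script under a service wrapper are assumptions; the supervisor cannot stop a termination, it only detects it, records it, and restarts the GUI.

```powershell
# Added example, not from the thread: supervisor loop that re-launches a GUI
# process when it exits without first signalling a named "clean exit" event.
# Assumptions: the GUI lives at $GuiPath and, when the user chooses Exit, it
# opens the named event $CleanExitEvent and sets it before terminating.
# Run this script under a service wrapper so it outlives the GUI session.
param(
    [string]$GuiPath         = 'C:\Program Files\Example\gui.exe',  # assumed
    [string]$CleanExitEvent  = 'Global\ExampleGuiCleanExit',        # assumed
    [int]   $RestartDelaySec = 2
)

# Create (or open, if the GUI created it first) the manual-reset event that
# the GUI signals on a deliberate exit.
$cleanExit = [System.Threading.EventWaitHandle]::new(
    $false, [System.Threading.EventResetMode]::ManualReset, $CleanExitEvent)

while ($true) {
    $null = $cleanExit.Reset()
    $gui = Start-Process -FilePath $GuiPath -PassThru
    $gui.WaitForExit()

    # WaitOne(0) polls without blocking: signalled means the user chose Exit.
    if ($cleanExit.WaitOne(0)) {
        Write-Output "GUI exited cleanly; supervisor stopping."
        break
    }

    # Not signalled: the process was ended by EndTask, TerminateProcess or a
    # crash. Record the event (Write-EventLog would do the same in the event
    # log once a source is registered) and relaunch after a short delay.
    Write-Warning ("GUI process {0} ended unexpectedly at {1}; restarting in {2}s." -f
        $gui.Id, (Get-Date -Format o), $RestartDelaySec)
    Start-Sleep -Seconds $RestartDelaySec
}
```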
 #15494  by feryno
 Mon Sep 03, 2012 1:51 pm
Killing your app will be a bit harder if it calls something like RtlSetProcessIsCritical or RtlSetThreadIsCritical, exported from ntdll.dll (there is no official documentation for these calls).
http://www.codeproject.com/Articles/434 ... essIsCriti
You may also play with e.g. csrss.exe or smss.exe to discover something useful concerning your question (but I'm guessing they use the above ...IsCritical).
 #15504  by nullptr
 Tue Sep 04, 2012 4:15 am
feryno wrote: killing your app will be a bit harder if it calls something like RtlSetProcessIsCritical or RtlSetThreadIsCritical exported from ntdll.dll
I doubt that utsav.0202 is looking to create a BSOD generator.