https://github.com/ThomasThelen/Disable-Task-Manager

Example of disabling the task manager via registry manipulation
https://github.com/ThomasThelen/Disable-Task-Manager

hacking registry registry-manipulation task-manager windows-hacking windows-registry

Last synced: 4 months ago
JSON representation

Example of disabling the task manager via registry manipulation

• Host: GitHub
• URL: https://github.com/ThomasThelen/Disable-Task-Manager
• Owner: ThomasThelen
• Archived: true
• Created: 2020-01-09T16:50:00.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2020-08-17T03:52:09.000Z (over 4 years ago)
• Last Synced: 2024-08-13T07:09:44.409Z (8 months ago)
• Topics: hacking, registry, registry-manipulation, task-manager, windows-hacking, windows-registry
• Language: Python
• Size: 11.7 KB
• Stars: 10
• Watchers: 3
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• jimsghstars - ThomasThelen/Disable-Task-Manager - Example of disabling the task manager via registry manipulation (Python)

README

        
# Disabling the Task Manager

[![Codacy Badge](https://app.codacy.com/project/badge/Grade/159ce710186b46b1a41a9804b6f6b959)](https://www.codacy.com/manual/ThomasThelen/Disable-Task-Manager?utm_source=github.com&utm_medium=referral&utm_content=ThomasThelen/Disable-Task-Manager&utm_campaign=Badge_Grade)

[![made-with-python](https://img.shields.io/badge/Made%20with-Python-1f425f.svg)](https://www.python.org/)

[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://GitHub.com/Naereen/StrapDown.js/graphs/commit-activity)

Example of modifying Windows registry values. This example disables the Windows Task Manager.

## Background

For whatever reason, some people have reason to restrict access to the task manager. Maybe you're a researcher running a long computation and don't want anyone killing your process. Maybe you're a sysadmin trying to lock a computer down. Maybe you're an asshole and don't want people killing your fake av process. An incredible obtrusive way to disable it is by modifying the value of the `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr` key.

Note that [Malwarebytes](https://blog.malwarebytes.com/detections/pum-optional-disabletaskmgr/) flags this.

The key in question resides at 

Key Location: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`

with

Key Name: `DisableTaskMgr`

Setting this to `1` (true) should be a first order approximation to preventing access to the control panel

## Code

The code is fairly simple. It doesn't take into account that the Key Location doesn't exist. It uses the `winreg` module to first open, then write, and close the registry.