The following code is really simple. It restricts access to the current process. In this way no other process can open the process handle and for example terminate this process.

uses
  JwaWindows,
  JwsclSecureObjects,
  JwsclDescriptor,
  JwsclToken,
  JwsclTypes,
  JwsclAcl,
  JwsclKnownSid;

var
  SD : TJwSecurityDescriptor;
  hProcess : TJwProcessHandle;
begin
  JwInitWellKnownSIDs;

  hProcess := OpenProcess(READ_CONTROL or WRITE_DAC, false, GetCurrentProcessId());
  if hProcess <> 0 then
  try
    SD := TJwSecureGeneralObject.GetSecurityInfo(hProcess,SE_KERNEL_OBJECT, [siDaclSecurityInformation]);
    try
      SD.DACL.Clear;
      SD.DACL.Add(TJwDiscretionaryAccessControlEntryAllow.Create(nil, [], GENERIC_ALL, JwLocalSystemSID));

      //allow read access to the current user
      SD.DACL.Add(TJwDiscretionaryAccessControlEntryAllow.Create(nil, [], GENERIC_READ, JwSecurityProcessUserSID));

      TJwSecureGeneralObject.SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, [siDaclSecurityInformation], SD);
    finally
      SD.Free;
    end;
  finally
    CloseHandle(hProcess);
  end;
end;

However there are some problems:

  1. This code does not prevent the user from reverting the process DACL to the original state. An owner of the process can always change the DACL even if she is not listed in it. So the code just prevents a beginner from closing the application forcefully.
  2. Any user with the DEBUG privilege can open the process with full access using OpenProcess. The taskmanager uses this way to terminate a process – if TaskManager is started with administrative rights.

The only way to prevent a restricted user from terminating the application is to run the process with a foreign account (e.g. CreateProcessAsUser) and make sure that the user is not listed in the DACL. However if this user gets the DEBUG privilege the game is over.