Authorize app to run


pintas

I've been looking for some software that prevents applications from running, like an exe blocker.

I've seen here in the forum, Executable Blocker, but it's not working for me, and it's not exactly what I'm looking for.

I'm trying to make a script that allows only specific software to run, instead of blocking undesired software. So, what I'm looking for is help making a script that blocks/prevents Windows executables from running except if they are white-listed. I'm considering working only with .exe files for now.

Does anyone have any idea how to do this?

Can anyone point me in the right direction please?

Link to comment
Share on other sites

It could be a start ...

#include <Array.au3>

; Index 0 holds the element count; the allowed process names start at index 1
Local $_AuthorizedProcess[11] = [10, 'smss.exe', 'csrss.exe' , 'winlogon.exe', 'services.exe', 'lsass.exe', 'svchost.exe', 'explorer.exe', 'SciTE.exe', 'AutoIt3Wrapper.exe', 'AutoIt3.exe' ]
$ProcessList = ProcessList ( )
If IsArray ( $ProcessList ) Then
    For $I = 1 To $ProcessList[0][0]
        ; Dry run: only reports the processes that are not on the list, nothing is closed
        If Not _AlreadyInArray ( $_AuthorizedProcess, $ProcessList[$I][0] ) Then ConsoleWrite ( "ProcessClose : " & $ProcessList[$I][0] & @Crlf )
    Next
EndIf

Func _AlreadyInArray ( $_SearchArray, $_Item )
    $_Index = _ArraySearch ( $_SearchArray, $_Item ) 
    If @error Then      
        Return False
    Else  
        If  $_Index <> 0 Then
            Return True
        Else 
            Return False
        EndIf   
    EndIf
EndFunc ;==> _AlreadyInArray ( )

Be careful with system processes...

Edited by wakillon

AutoIt 3.3.14.2 X86 - SciTE 3.6.0WIN 8.1 X64 - Other Example Scripts

Link to comment
Share on other sites

I think that AVs use DLL tricks but I have a simple solution that I've made especially for you :graduated:

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.3.4.0
 Author:         myName

 Script Function:
    Template AutoIt script.

#ce ----------------------------------------------------------------------------

; Script Start - Add your code below here
Local $a_pl, $s_pl ;Will contain the process IDs already seen, stored as ";pid;pid;"

While 1
    $a_pl = ProcessList()

    If $s_pl = "" Then ;First pl check
        $s_pl = ";"
        For $i = 1 to $a_pl[0][0]
            $s_pl &= $a_pl[$i][1] & ";"
        Next
    Else
        For $i = 1 to $a_pl[0][0]
            ;Search for ";pid;" so that a short PID is not matched inside a longer one
            If Not StringInStr($s_pl, ";" & $a_pl[$i][1] & ";") Then
                $s_pl &= $a_pl[$i][1] & ";"
                _ProcessSuspend($a_pl[$i][1]) ;suspend the process

                ;Check here if the process is allowed to run
                Local $iMsg = MsgBox(36, "", "Allow the process " & $a_pl[$i][0] & " ?")

                If $iMsg = 6 Then
                    _ProcessResume($a_pl[$i][1]) ;resume the process
                Else
                    ProcessClose($a_pl[$i][1]) ;kill the process [or let the process suspended (in this case comment this line)]
                EndIf
            EndIf
        Next
    EndIf
WEnd


;Author: The Kandie Man
Func _ProcessSuspend($process)
    $processid = ProcessExists($process)
    If $processid Then
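        ;0x1f0fff = PROCESS_ALL_ACCESS (pre-Vista value); the handle is typed 'ptr' so it is not truncated on x64
        $ai_Handle = DllCall("kernel32.dll", 'ptr', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $processid)
        $i_sucess = DllCall("ntdll.dll","int","NtSuspendProcess","ptr",$ai_Handle[0])
        DllCall('kernel32.dll', 'int', 'CloseHandle', 'ptr', $ai_Handle[0]) ;close the handle itself, not the DllCall result array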
        If IsArray($i_sucess) Then
            Return 1
        Else
            SetError(1)
            Return 0
        Endif
    Else
        SetError(2)
        Return 0
    Endif
EndFunc

;Author: The Kandie Man
Func _ProcessResume($process)
    $processid = ProcessExists($process)
    If $processid Then
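        ;0x1f0fff = PROCESS_ALL_ACCESS (pre-Vista value); the handle is typed 'ptr' so it is not truncated on x64
        $ai_Handle = DllCall("kernel32.dll", 'ptr', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $processid)
        $i_sucess = DllCall("ntdll.dll","int","NtResumeProcess","ptr",$ai_Handle[0])
        DllCall('kernel32.dll', 'int', 'CloseHandle', 'ptr', $ai_Handle[0]) ;close the handle itself, not the DllCall result array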
        If IsArray($i_sucess) Then
            Return 1
        Else
            SetError(1)
            Return 0
        Endif
    Else
        SetError(2)
        Return 0
    Endif
EndFunc

Br, FireFox.

Link to comment
Share on other sites

Think I found it here:

Soviet Protector

But this is C, right? Any idea which compiler/editor to use for this code?

For now I'll be playing with FireFox's script, it's very close to my needs. But I'm guessing the Soviet Protector would probably be the way to do it, but I'll waste much more time with it.

Link to comment
Share on other sites

Yes that's it and yes it's C++ code. It would be a better way to do what you are looking for.

The script posted above has two failing points. One, if a process is started, the script has to recognize it and kill it. This means it is able to run a few commands possibly. Two, if one of those commands is to kill the search process, then you have no protection.

Soviet Protector may be more complicated, but it prevents processes from starting at all.

Also, you originally asked for software in the first post, not just a script. So my suggestion kinda fit what you asked for.

Edited by Richard Robertson
Link to comment
Share on other sites

Also, you originally asked for software in the first post, not just a script. So my suggestion kinda fit what you asked for.

Oh it does. Absolutely.

But I'm now a little confused. Isn't that link I posted for the Soviet Protector you mentioned? I couldn't find it compiled though.

edit: Cool! My 100th post. :graduated:

Edited by pintas
Link to comment
Share on other sites

To prevent apps from running instead of killing them as soon as they open is obviously the right way to do it.

But is there a way to do it in AutoIt? To prevent an .exe or a .scr from running for ex.?

FireFox's script stops apps when they are open, which allows them to run for a bit, and the CPU goes through the roof if it runs in real time, so I need to get a 'sleep(50)' in it, which in return will only increase the time the apps will be allowed to run, thus running more code. I really don't want them to run any code at all.

How can I do this? How can I really prevent apps from running? Help?! :graduated:

Link to comment
Share on other sites

It's not exactly what you want, but if you know the executable name you want to block

you can do it by Registry :

RegWrite ( 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer', 'DisallowRun', "REG_DWORD", 0x00000001 )
RegWrite ( 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun', '1', "REG_SZ", 'emule.exe' )
RegWrite ( 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun', '2', "REG_SZ", 'utorrent.exe' )
RegWrite ( 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun', '3', "REG_SZ", 'GTAIV.exe' )

Reboot is needed.

In fact, it would be an AllowRun key for what you need but I don't know if it exists...

( After some tries, just restart Explorer )

Edited by wakillon

AutoIt 3.3.14.2 X86 - SciTE 3.6.0WIN 8.1 X64 - Other Example Scripts

Link to comment
Share on other sites
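
The allow-list counterpart of the DisallowRun values above does exist: the per-user RestrictRun policy in the same Explorer key. The following is an added example, not code from any poster in this thread; the function names and the sample list are hypothetical.

```autoit
; Added example (not from the thread). Function names and sample list are hypothetical.
Global Const $POLICY_KEY = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

; Enable the per-user "Run only specified Windows applications" policy.
; $aAllowed is a 0-based array of executable file names (no paths).
Func _RestrictRun_Enable(Const ByRef $aAllowed)
    ; Start from an empty list so entries from an earlier run do not linger.
    RegDelete($POLICY_KEY & '\RestrictRun')
    For $i = 0 To UBound($aAllowed) - 1
        ; Value names are consecutive numbers: "1", "2", ...
        If Not RegWrite($POLICY_KEY & '\RestrictRun', String($i + 1), 'REG_SZ', $aAllowed[$i]) Then
            Return SetError(1, $i, False)
        EndIf
    Next
    ; Switch the policy on last, once the list is complete.
    If Not RegWrite($POLICY_KEY, 'RestrictRun', 'REG_DWORD', 1) Then
        Return SetError(2, 0, False)
    EndIf
    Return True
EndFunc

; Roll back: turn the policy off and remove the list.
Func _RestrictRun_Disable()
    RegDelete($POLICY_KEY, 'RestrictRun')
    RegDelete($POLICY_KEY & '\RestrictRun')
EndFunc

; Constructed sample list. Keep a registry editor and the AutoIt interpreter on it,
; otherwise the policy cannot be undone from the same Explorer session.
Local $aAllowed[5] = ['regedit.exe', 'AutoIt3.exe', 'SciTE.exe', 'notepad.exe', 'calc.exe']
If _RestrictRun_Enable($aAllowed) Then
    ConsoleWrite('RestrictRun enabled for ' & UBound($aAllowed) & ' executables' & @CRLF)
Else
    ConsoleWrite('Writing the RestrictRun policy failed' & @CRLF)
EndIf
```

Explorer enforces this policy, so it applies after Explorer restarts and only to programs started through Explorer; programs launched from a command prompt or by another process are not checked. Entries are matched by file name only, not by path or file content.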

It's not exactly what you want, but if you know the executable name you want to block

you can do it by Registry :

...

Reboot is needed.

With no wish to comment on the posted solution...

Just to say that reboot hardly ever is. Restart of the explorer for changes to take effect is what's really needed.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

Exactly. That kinda helps to some extent, but the AllowRun would indeed be perfect. :graduated:

Thanks

Yes, but the problem with a whitelist is that you should not forget any Windows system process!

And there are many.

Edited by wakillon

AutoIt 3.3.14.2 X86 - SciTE 3.6.0WIN 8.1 X64 - Other Example Scripts

Link to comment
Share on other sites

But my intention is to allow everything that is already running/installed on the computer, and whitelist chosen new applications.

I just want to block specific files (blacklist them) or anything new to the system, like viruses or whatever.

Edited by pintas
Link to comment
Share on other sites
