magician13134, posted January 28, 2008:

Hi, I've been writing a couple utilities lately that, for example, block internet usage during certain hours, disable task manager, prevent certain user-defined programs from being run, etc., but it's rather easy to end them, seeing as someone can use task manager (or use ProcessKill or similar) to end them. Short of having two programs, one that relaunches the other if it is closed, is there any way to tell Windows not to let this happen? Or would that make it too easy for malicious software to be run... Then I guess, is there any way of setting the process name to something inconspicuous without renaming the script? Thanks

Visit Magic Soft Inc. for some of my software
Swift, posted January 28, 2008 (edited January 28, 2008):

I Can Find Out For You. Give Me A Minute. Never Mind...I Don't Know How.
Squirrely1, posted January 28, 2008 (edited January 28, 2008):

Someone on the forums had the idea of renaming your process after it is launched, to lsass.exe, thinking that was a good way to keep someone from killing it programmatically or otherwise. Windows will apparently keep a process with that name from being killed, is his thinking. But this method, if it works to protect the process, probably won't interfere with the original lsass.exe process - you would just have multiple processes with that same name.

You could have your program always look for the presence of the taskmgr.exe process, and kill it whenever it does find it. This isn't all that safe because the Task Manager may be needed as a last resort to help you save junior's homework.

The internet connection thing is pretty easy - just continually check for the connected state using Ping or _INetGetSource and if a connection is present use this command to close the internet connection:

    Run("rasdial /disconnect")

Someone on the forums who says he was using it to disconnect his high-speed internet connection said that it works to disconnect him; and I use this same command all the time to disconnect my dial-up connection.

Happy sailing!

The bunny uses radar
rasim, posted January 29, 2008:

Hi! I have a solution for hiding a process from the taskbar:

    HotKeySet("{Esc}", "Quit")

    ; Task Manager window title on a Russian-language Windows
    $TaskMgr_Title = "Диспетчер задач Windows"
    $ProcName = "notepad.exe"

    HideProcess($TaskMgr_Title, $ProcName)

    Func HideProcess($TaskManTitle, $ProcName)
        Local $FindIndex, $hwnd
        While 1
            Sleep(1)
            ; Control 1009 is the process list view in the Task Manager window
            $FindIndex = ControlListView($TaskManTitle, "", 1009, "FindItem", $ProcName)
            If $FindIndex = -1 Then
                Sleep(5)
            Else
                $hwnd = ControlGetHandle($TaskManTitle, "", 1009)
                ; 0x1008 = LVM_DELETEITEM: removes the row from the list view only;
                ; the process keeps running and stays visible to other tools
                DllCall("user32.dll", "int", "SendMessage", "hwnd", $hwnd, "int", 0x1008, "int", $FindIndex, "int", 0)
            EndIf
        WEnd
    EndFunc

    Func Quit()
        Exit
    EndFunc
BrettF, posted January 29, 2008:

What about the father son attitude?

Father:

    While 1
        If Not ProcessExists(..) Then
            ;Run it.
        EndIf
    WEnd

Son is your normal script with the same as above in an Adlib loop...

Visit my blog!
UDFs: Opens The Default Mail Client | _LoginBox | Convert Reg to AU3 | BASS.au3 (BASS.dll) (Includes various BASS Libraries) | MultiLang.au3 (Multi-Language GUIs!)
Example Scripts: Computer Info Telnet Server | "Secure" HTTP Server (Based on Manadar's Server)
Software: AAMP- Advanced AutoIt Media Player | WorldCam | AYTU - Youtube Uploader
Tutorials: Learning to Script with AutoIt V3
Projects (Hardware + AutoIt): Arduino
Useful Links: AutoIt 1-2-3 | The AutoIt Downloads Section: | SciTE4AutoIt3 Full Version!
Generator, posted January 29, 2008:

> What about the father son attitude?
> Father:
>     While 1
>         If Not ProcessExists(..) Then
>             ;Run it.
>         EndIf
>     WEnd
> Son is your normal script with the same as above in an Adlib loop...

This can be overridden easily with some process guard. Personally the only way I can think of is somehow make the process system level.
BrettF, posted January 29, 2008:

> This can be overridden easily with some process guard. Personally the only way I can think of is somehow make the process system level.

Ok. Lol. Googling now. Let's see what can be dug up
ResNullius, posted January 29, 2008:

> Hi, I've been writing a couple utilities lately that, for example, block internet usage during certain hours, disable task manager, prevent certain user-defined programs from being run, etc., but it's rather easy to end them, seeing as someone can use task manager (or use ProcessKill or similar) to end them. Short of having two programs, one that relaunches the other if it is closed, is there any way to tell Windows not to let this happen? Or would that make it too easy for malicious software to be run... Then I guess, is there any way of setting the process name to something inconspicuous without renaming the script? Thanks

Check out ChrisL's solution(s) here http://www.autoitscript.com/forum/index.ph...mp;#entry365745

Works well with no need to FileInstall() a separate process watcher.
MHz, posted January 29, 2008:

> Check out ChrisL's solution(s) here http://www.autoitscript.com/forum/index.ph...mp;#entry365745
> Works well with no need to FileInstall() a separate process watcher.

Rename the target file while it is executing or rename the target file while it is executing, then replace with a dummy file with the original target filename and then kill the process. Process able to be killed.
ChrisL, posted January 29, 2008:

> Rename the target file while it is executing or rename the target file while it is executing, then replace with a dummy file with the original target filename and then kill the process. Process able to be killed.

Hey I did say

> There are ways of killing both processes but for most people that need this sort of thing I think it is fine.

Scripts: Minimize gui to systray | Fail safe source recovery | Msgbox UDF | _procwatch() Stop your app from being closed | Licensed/Trial software system | Buffering Hotkeys | _SQL.au3 ADODB.Connection | Search 2d Arrays | _SplashTextWithGraphicOn() | Adjust Screen Gamma | Transparent Controls | Eventlogs without the crap | _GuiCtrlCreateFlash() | Simple Interscript communication
Websites: Curious Campers VW Hightops | Lambert Plant Hire
magician13134 (Author), posted January 30, 2008 (edited January 30, 2008):

Thanks for all the solutions! And rasim, your solution is really neat, I didn't know you could do that, the only problem is that it flickers, but otherwise, amazing.
kimurtus, posted February 1, 2008:

Is there a way to make a script run with the name svchost.exe, and under user name "SYSTEM" like the other svchost processes???
BrettF, posted February 1, 2008:

> Is there a way to make a script run with the name svchost.exe, and under user name "SYSTEM" like the other svchost processes???

NO. THERE IS NOT.
slayerz, posted February 1, 2008:

> NO. THERE IS NOT.

Well, I would say...YES, there is a way to do that bcoz I'd made one to protect my projects' folder from being accessed by my friends... but why do u want to name it as svchost.exe? writing some virus?

AUTOIT I'm lovin' it!
BrettF, posted February 1, 2008:

> Well, I would say...YES, there is a way to do that bcoz I'd made one to protect my projects' folder from being accessed by my friends... but why do u want to name it as svchost.exe? writing some virus?

I would say no, to give them absolutely no hope of creating their l33t malware.
kimurtus, posted February 1, 2008 (edited February 1, 2008):

I have seen malware hiding that way, that's why I ask. I've seen malware hiding the way of the script posted here 2, and now I'm sure that the malware I had in one of my comps was written with that script because it flickers the same way it did with one issue of a virus I had.

slayerz, why are you protecting your projects folder from being accessed by your friends? Hiding some script you wrote to use on them? And don't want them to know? What about that, slayerz? How do u know I want to write a virus? You can't just go and name me virus writer only because I want to hide a process the same way a virus does.

svchost is the only exe that is repeated in task manager, that's why I want it svchost. I want to rename my cyber cafe program to svchost and have it run under system username so no one can suspect that it's the cyber cafe program, and can't see it with a process killer. Hiding it from task manager isn't a solution 4 me cause there are a lot of process killers around there. Naming it to svchost works but it appears as my default user name and not under system, and that way anyone can guess that that isn't a system process ...

edit: sorry, my bad English ^^
slayerz, posted February 1, 2008:

> How do u know I want to write a virus? You can't just go and name me virus writer only because I want to hide a process the same way a virus does.

I'm not saying you're virus writer...I'm juz asking you the reason...bcoz I've seen alot of malware using that name but failed to hide its own identity by running under username & not system.

The reason for protecting my folder is, juz because its my folder and I dun like people to copy my work, I'm juz protecting my work, nothing else!
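Added example, not part of any post in this thread: a check for the tell described above, where a process borrows the name svchost.exe or lsass.exe but runs from the wrong folder or under an ordinary user account. The inventory columns, the host name CAFE-PC07, the CafeTimer folder and the C:\Windows system root are constructed assumptions.

```python
import csv
import io
import ntpath

# Names this thread mentions as masquerading targets, and the directory the
# genuine binaries load from (assumption: system root is C:\Windows).
EXPECTED_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"svchost.exe", "lsass.exe"}
# Built-in service accounts. On Windows 10 and later, per-user services run
# svchost.exe as the logged-on user, so treat an account mismatch there as a
# triage lead rather than a verdict; the path check is the stronger signal.
SERVICE_ACCOUNTS = {
    r"nt authority\system",
    r"nt authority\local service",
    r"nt authority\network service",
}

# Constructed sample inventory (not the output of any real tool).
SAMPLE = r"""name,pid,user,path
svchost.exe,812,NT AUTHORITY\SYSTEM,C:\Windows\System32\svchost.exe
svchost.exe,1044,NT AUTHORITY\NETWORK SERVICE,C:\Windows\System32\svchost.exe
lsass.exe,640,NT AUTHORITY\SYSTEM,C:\Windows\System32\lsass.exe
svchost.exe,3316,CAFE-PC07\customer,C:\Program Files\CafeTimer\svchost.exe
SVCHOST.EXE,4020,NT AUTHORITY\SYSTEM,C:\Users\customer\AppData\Local\Temp\svchost.exe
notepad.exe,2208,CAFE-PC07\customer,C:\Windows\System32\notepad.exe
"""

def find_masquerading(inventory_csv):
    """Return (pid, name, reasons) for system-named processes that look wrong."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["name"].strip().lower()
        if name not in SYSTEM_NAMES:
            continue
        reasons = []
        image_dir = ntpath.normpath(ntpath.dirname(row["path"].strip())).lower()
        if image_dir != EXPECTED_DIR:
            reasons.append("unexpected image path")
        if row["user"].strip().lower() not in SERVICE_ACCOUNTS:
            reasons.append("not a service account")
        if reasons:
            findings.append((int(row["pid"]), name, reasons))
    return findings

if __name__ == "__main__":
    for pid, name, reasons in find_masquerading(SAMPLE):
        print(f"PID {pid} {name}: {', '.join(reasons)}")
```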
GoogleDude, posted February 2, 2008:

I have not tried it, but what about changing/removing/setting NT permissions after the process is run?

GoogleDude
Squirrely1, posted February 2, 2008:

GoogleDude, I wouldn't thwart the purposes of Bert in keeping this malware author - probably an anarchist - in the dark. Bert gets a lot of respect around here, and you could end up having your forum privileges revoked.