Sign in to follow this  
Followers 0
sylvanie

monitor your security process

9 posts in this topic

Hello,

I ve written this program to be alerted when a program or a bad guy :) try to stop it and so to avoid a possible attack.

ps : if you want to try it replce the exe list by your exe

; program which monitor if secure programs are running and display an alert if one doesn't run (and can shutdown the PC if nobody get a answer)
AutoItSetOption("TrayIconHide", 1)
$tab=stringsplit("persfw.exe,ashserv.exe,ashMaiSv.exe,ashWebSv.exe,ashDisp.exe",",");it's a list of my processes to monitor (firewall, antivirus), replace by yours
sleep(45000); wait 45 s to be sure that all processes are started (generally they are launched by services, it's just to be sure)
while 1
    for $cpt=1 To $tab[0]
        If ProcessExists ( $tab[$cpt] )=0 then alarm($tab[$cpt])
    Next
    sleep(10000)
WEnd

Func alarm(ByRef $txt)

$val = MsgBox(20,"Alerte Process arrêté !",$txt&" n'est plus actif, voulez vous le réactiver ?"& @CRLF & "(En cas de non l'ordinateur se fermera !)",5); notify that a program is not running and ask if we want to launch it manually. A timeout of 5 sec is used
if $val=6 Then;case yes
    while 1
        $file=FileOpenDialog("Programme à relancer",@AppDataCommonDir,"(*.exe)",3,$txt);open a file dialog
        if $file<>-1 Then
            $tabctrl=StringSplit($file,"\")
            if $txt=$tabctrl[$tabCtrl[0]] Then ; test if the file selected has the same name that the process stopped
                Run($file)
                Return
            Else 
                $val2=MsgBox(16,"mauvais exe","Vous n'avez pas choisi le bon programme",3); notify that the file selected has not the same name that the process stopped with a timeout of 3 sec
                if $val2=-1 Then; case of timeout is reached
                    $val=-1
                    ExitLoop
                EndIf
            EndIf
        Else
            $val=-1
            ExitLoop
        EndIf
    WEnd
EndIf

If $val=-1 or $val=7 Then Shutdown (5); if timeout is reached or no is pressed,  we make a shutdown to avoid a possible attack (expl : if firewall is stopped)
EndFunc

bye


Share this post


Link to post
Share on other sites

looks useful


[font="Times"] If anyone remembers me, I am back. Maybe to stay, maybe not.----------------------------------------------------------------------------------------------------------[/font][font="Times"]Things I am proud of: Pong! in AutoIt | SearchbarMy website: F.R.I.E.S.A little website that is trying to get started: http://thepiratelounge.net/ (not mine)[/font][font="Times"] ----------------------------------------------------------------------------------------------------------[/font][font="Arial"]The newbies need to stop stealing avatars!!! It is confusing!![/font]

Share this post


Link to post
Share on other sites

Since you hardcode the apps, why not put the filename of the exe in and only open the FileOpenDialog() if Not FileExists(). That way you get alerted, but the process will start on its own.

Now you got me thinking, Damn you!! :)

1) What about having it read from a file what apps to monitor

2) Have a GUI that lets you select a process and stop it from the GUI, which wont cause it to be restarted until you do so in the GUI. This would allow you to turn off antivirus to install an app.

3) Now I want to do this :D


Start -> Programs -> AutoIt v3 -> AutoIt Help File -> Index -> (The Function you are asking about)----- Links -----DllStruct UDFsRSA Crypto UDFs

Share this post


Link to post
Share on other sites

now you made me want to make some sort of security program!


[font="Times"] If anyone remembers me, I am back. Maybe to stay, maybe not.----------------------------------------------------------------------------------------------------------[/font][font="Times"]Things I am proud of: Pong! in AutoIt | SearchbarMy website: F.R.I.E.S.A little website that is trying to get started: http://thepiratelounge.net/ (not mine)[/font][font="Times"] ----------------------------------------------------------------------------------------------------------[/font][font="Arial"]The newbies need to stop stealing avatars!!! It is confusing!![/font]

Share this post


Link to post
Share on other sites

hello

thanks for your comments :D

Since you hardcode the apps, why not put the filename of the exe in and only open the FileOpenDialog() if Not FileExists(). That way you get alerted, but the process will start on its own.

The files are all existing and are all launched at the start of windows ( they are services) so it will display an alert not if the process is not started but if it is stopped. And in the case of an alert, I launch it manually to control that it starts without problem.

1) What about having it read from a file what apps to monitor

Yes, of course it's a simple way to store it, but I prefer to store it in the compiled form of this script, because an external file could be removed or changed too easily. Of course, we can associate a HMAC fingerprint or another algorithm to check integrity ... but I prefer recompil my code if I need to supress or add a program to monitor.

2) Have a GUI that lets you select a process and stop it from the GUI, which wont cause it to be restarted until you do so in the GUI. This would allow you to turn off antivirus to install an app.

Yes ! I haven't thought about the need of disabling the antivirus for install or the firewall for tests. I'll take the easier way to do this : I stop this autoit program and after, I stop the antivirus. But your idea of GUI to start and stop exe (and why not services) is very good . :)

3) Now I want to do this 

now you made me want to make some sort of security program!

Great ! it makes me happy ! :D


Share this post


Link to post
Share on other sites

we should all work and create a super program


[font="Times"] If anyone remembers me, I am back. Maybe to stay, maybe not.----------------------------------------------------------------------------------------------------------[/font][font="Times"]Things I am proud of: Pong! in AutoIt | SearchbarMy website: F.R.I.E.S.A little website that is trying to get started: http://thepiratelounge.net/ (not mine)[/font][font="Times"] ----------------------------------------------------------------------------------------------------------[/font][font="Arial"]The newbies need to stop stealing avatars!!! It is confusing!![/font]

Share this post


Link to post
Share on other sites

but.. IM TOO LAZY!

Share this post


Link to post
Share on other sites

me to, it took me 2 weeks to get myself to work on SearchBar for an hour


[font="Times"] If anyone remembers me, I am back. Maybe to stay, maybe not.----------------------------------------------------------------------------------------------------------[/font][font="Times"]Things I am proud of: Pong! in AutoIt | SearchbarMy website: F.R.I.E.S.A little website that is trying to get started: http://thepiratelounge.net/ (not mine)[/font][font="Times"] ----------------------------------------------------------------------------------------------------------[/font][font="Arial"]The newbies need to stop stealing avatars!!! It is confusing!![/font]

Share this post


Link to post
Share on other sites

now you made me want to make some sort of security program!

<{POST_SNAPBACK}>

I don't know if this is exactly what your talking about but I recently strated a monitering program for my teacher in the computer labe to moniter the students and report to him if they are doing somthing they shouldn't,

[center][/center]Working on the next big thing.Currently Playing: Halo 4, League of LegendsXBL GT: iRememberYhslaw

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0