Say I have a simple C# monitoring program that is to be installed on some company computers, so I know what the employees are doing. The program is a single .exe file that works in the system tray. How do I prevent employees from closing this program? Is there a way to be notified when a program is closed?
If you don't want users to close your program, run it under a different account. Normal users can't kill processes they don't own, ie that run using different accounts. Of course, this means that you can't run your program as a simple application that displays a taskbar notification. You will have to convert it to a service.
In fact, a service makes a lot more sense than a user application in this scenario. If you want to display feedback or options to the user you can still create an app that creates a taskbar icon and communicates with your service
Set it up as a service and in the options for the service on first, second, and third failure - make it reboot the computer. Have the service login-as an service user with a strong password and prevent the users from running as Administrators. This should solve your problem and probably create a bit of annoyance at the same time.
The short answer: No.
The long answer: Yes...write a rootkit which will either guard or hide your process. Otherwise the users will be able to kill the process f.e. via the Task-Manager or any other means. Same goes for any helper processes which would monitor your application.
Related
I have two application which is a main and a sub. both can also be opened separately and the main can also open the sub.Since the main application is in the administrative mode, the sub-application when opened from the main application is also opening in the same mode. Is there any possible way where can I open the sub-application in a normal but I need to have the base application running in the admin mode. The problem is I need to drag and drop files in the sub-application which cant be done when the application is in administrator mode.
Getting rid of Adminsitrative Privileges is surprisingly hard. It is nigh impossible to get rid of them, like starting a non-Elevated Process from a elevated one. It is a a vexing property of Windows.
There are ways but they usually involve unmanaged code (Windows API) and are not that stable.
It is possibly if you have the Application user/System Adminsitrator Specify a specific Windows User that he he maintains explicitly as one without Administrative Privileges. The way most non-elevated Services are started is by a explicit Windows User that is set in the Service Manager.
Most programmers eventualy settle to dodge this Problem entirely via an approach like this:
Have both Process A and B designed to always start non-Elevated (no Manifest or anything demand Elevation)
Modify Process A to detect that it is non-Elevated right now
Let Process A try to start a Elevated copy of itself via Runas with proper Options.
If the user is always Elevated (because the UAC is turned off or soemthing like that), it is out of your hands.
As I learned the hard way, there is also a chance that elevation might fail due to faulty Windows configuration. Again, this is out of your hands.
Of course there is the big question of why this is a Problem to begin with and if that is perhaps a XY Problem. Drag & Drop might have those limits. But do you have to use D&D for this? There are many ways to go about Interprocess Communicaiton. Most of them do not suffer such Limitations. D&D is just one of them.
I'm making a Parental Control program in C#. What I want to do is make my program cannot be exited. How can I do this in C#? I've searched on Google, but found nothing.
You can't. The Operating System always has control, so through the OS you can always exit (force kill) an application, for example through the task manager.
A light-weight solution could be another application that checks if the app is active or not. If not, start it again. The main program checks if the check program is there and starts it if necessary.
Another solution would be to run a service under an administrative account. That would only be a feasible option if you don't need to have access to the screen of the user.
Do you really mean impossible to exit ? Or just like hide the close cross or something ?
If you mean make the program impossible to kill, even in task manager, this seems to be a bad idea. If it's impossible for a user to kill a progra, how Windows would kill it ?
If I were you I would maybe protect the program shut down with a password.
AntiVirus software also achieves that. I just don't know how they do that exactly. But you should start with running your program as a service. That makes it quite difficult already for average users.
Then find out how to avoid that the service is stopped. I think you also need to run it under the system user account.
If you need a GUI for administration, then you should write a 2nd program that communicates with your service.
Here' some info how to (try to) kill an unstoppable service:
https://superuser.com/questions/338539/how-to-stop-an-unstoppable-windows-7-service/338560
So that's the opposite of what you want to achieve. Meaning, if your service stands all of these attacks, you have succeded.
After some Internet search I found these (the results 1 to 5, and 8, in searching for "c# create service avoid stopping"):
Prevent Windows service manager from stopping a service c#
Protecting a Windows Service from untrusted users
(Stop Windows Service and avoid time out warning message)
https://social.msdn.microsoft.com/Forums/vstudio/en-US/95ab8bf4-fa18-4f37-8a92-dc0b346afb76/prevent-a-user-from-killing-a-windows-service?forum=csharpgeneral
https://msdn.microsoft.com/en-us/library/9k985bc9(v=vs.110).aspx
http://www.csharp-examples.net/restart-windows-service/
I want to run an Application at system startup.
I know it will run under Session 0.
I want System-Wide (works for All Users) Hotkey
This Hotkey Shows/Hides a GUI that is populated by the Application
As an example, Deepfreeze by Faronics does this exact thing. It runs under Session 0 and no matter which user you log in as you can press CTRL ALT SHIFT F6 and bring up a GUI. I know Deepfreeze is not .NET just fyi.
Who among you knows how to replicate this scenario?
You need to have two processes, this is how system services operate. The first process is the service itself. The second process is the GUI and it is started when a user logs in to Windows. Then these two processes communicate using named pipes or any other inter process communication means.
I recommend you to read a few chapters of any book devoted to services programming, because this is very basic information you find there.
I doubt this is even possible. So your app is running and user decides to End Process via Task Manager. Is there a method/action to save data during process.kill? I doubt there is but I had to ask.
Also, if a user shuts down/restarts PC (as in windows update/manual restart), what action would the app execute? Window_Unloaded? On this second question, I would like to find a way to ensure my app does not show up as a 'if you want to restart, kill this app' situation and want to save needed data.
Your two cents is greatly appreciated!
It's not possible to do what you want unless you have two processes; one monitoring the other one's status and do some stuff upon its termination. The watchdog process might be a Windows Service Application without GUI.
Windows sends a quit message to every opened application when normal shutdown occurs. You can run some code (usually housekeeping stuff) upon receiving the message and exit the application. It shouldn't take long or Windows will automatically ask user if they want to kill the application.
Force shutdown kills all processes immediately (in no particular/predictable order). So you can't (easily) detect it.
I suggest you to save everything needed as soon as possible to prevent data loss when the application process gets killed.
If something terminates your running app, then you don't get an opportunity to do anything, just die. You modify your app such that all data is always saved to some persistent location, so if the app dies, the persisted data remains. Obviously you have to design for this. Then if the user does a "save", you commit to the "real" datastore.
If Windows is going to reboot, it should send a message to your app, which you can handle. Not sure if this works for all GUI/console/service -type apps however.
Okay I've spent the afternoon researching and haven't had much luck finding the answer to this. I am trying to prevent an application from launching via some sort of dll or background application. It is to be used in monitoring application usage and licenses at my institution. I have found leads here regarding WqlEventQuery and also FileSystemWatcher. Neither of these solutions appear to work for me because:
With WqlEventQuery I was only able to handle an event after the process was created. Using notepad as a test, notepad was visible and accessible to me before my logic closed it. I attempted to Suspend/Resume the thread (I know this is unsafe but I was testing/playing) but this just hung the window until my logic finished.
With FileSystemWatcher I was not able to get any events from launching a .exe, only creating, renaming and deleting files.
The goal here is to not let the application launch at all unless my logic allows it to launch. Is this possible? The next best solution I came up with was forcing some type of modal dialog which does not allow the user to interact with anything, once the dialog is closed the application is killed. My concern here is killing the application nicely and handling applications with high overhead when they load such as Photoshop or something. This would also interfere with a feature I was hoping to have where the user could enter a queue until a license is available. Is this my best route? Any other suggestions?
Thanks
edit: To clarify this is not a virus or anything malicious. It's not about preventing access to a blacklist or allowing access through a whitelist. The idea is to check a database on a case by case basis for certain applications and see if there is a license available for use. If there is, let the app launch, if not display a dialog letting the user know. We also will use this for monitoring and keeping track if we have enough licenses to meet demand, etc. An example of one of these apps is SPSS which have very expensive licenses but a very limited pool of people using it.
Could you use
System.Diagnostics.Process.GetProcessesByName
in a loop to look for the process?
It might work if you don't use too aggressive a polling rate.
You are indeed close, take a look at the WMI Management Events. http://msdn.microsoft.com/en-us/library/ms186151%28VS.80%29.aspx
Sample code from Microsoft: http://msdn.microsoft.com/en-us/library/ms257355(VS.80).aspx
Subscribing to the appropriate event will provide your application with the appropriate information to perform what you described.
Not sure if this is a GOOD solution but you could do something like pass a key into main so that if the key is not present or valid the application shuts down. Then when you open the application in your code, just pass the key in. Someone would then have to know the key in order to start the application.
This is assuming you have access to the application in question's source code, which upon reading your question again, I'm not so sure of.
I assume you don't have source for the application you want to prevent from loading...
Have you considered using a system policy? That would be the best-supported way to prevent a user from launching a program.
You could have a service running that force-kills any app that isn't "whitelisted", but I can't say how well that would work.
I wonder if you are taking the wrong approach. Back in the day there was a Mac app that would prevent access to the desktop and had buttons to launch a set list of applications.
IDEA
What if you had a wrapper for the approved apps then only allow your wrapper to run on the computer?
I would expect there is some way of hooking an application launch, but can't help directly on that front.
You may be able to improve your current approach by detecting the application's window opening and hiding it (move it offscreen) so that the user can't attempt to interact with it while you are trying to shut it down.
However, another approach that may be possible (depending on your circumstances) would be to write an application launcher. This simply is a replacement for the shortcut to the application that checks your licencing conditions, and then does a Process.Start to launch the real .exe at that point. This would work well for any application. (I used a system like this for starting up applications with specialised environment settings and it works beautifully)
You could combine this with your current approach as a fall-back for "clever" users who manage to circumvent your launcher.
If my understanding is right you want to create an application what will prevent the computer user to start any other process except ones for a white-list.
If this is the case, monitor the process list of processes (in a while loop) using System.Diagnostics.Process (the GetProcesses method gives the list of all running ones)
Just kill the process when it starts.
Or if your machines have Windows 7 (Windows 2008??) you can use AppLocker. http://www.microsoft.com/windows/enterprise/products/windows-7/features.aspx#applocker Just let Windows prevent the startup.
You might want to look at this product: http://www.sassafras.com/licensing.html Personally I can't stand it, but that's because it does what you describe. Might save you some coding.
You could actually edit the registry so when you click a psd, your launcher gets called instead of photoshop. Your launcher then checks for licenses and if there is one starts photoshop with the path of the file.
This is a long shot but you may find it helpful.
Perceived Types and Application Registration
http://msdn.microsoft.com/en-us/library/cc144150(VS.85).aspx