Okay I've spent the afternoon researching and haven't had much luck finding the answer to this. I am trying to prevent an application from launching via some sort of dll or background application. It is to be used in monitoring application usage and licenses at my institution. I have found leads here regarding WqlEventQuery and also FileSystemWatcher. Neither of these solutions appear to work for me because:
With WqlEventQuery I was only able to handle an event after the process was created. Using notepad as a test, notepad was visible and accessible to me before my logic closed it. I attempted to Suspend/Resume the thread (I know this is unsafe but I was testing/playing) but this just hung the window until my logic finished.
With FileSystemWatcher I was not able to get any events from launching a .exe, only creating, renaming and deleting files.
The goal here is to not let the application launch at all unless my logic allows it to launch. Is this possible? The next best solution I came up with was forcing some type of modal dialog which does not allow the user to interact with anything, once the dialog is closed the application is killed. My concern here is killing the application nicely and handling applications with high overhead when they load such as Photoshop or something. This would also interfere with a feature I was hoping to have where the user could enter a queue until a license is available. Is this my best route? Any other suggestions?
Thanks
edit: To clarify this is not a virus or anything malicious. It's not about preventing access to a blacklist or allowing access through a whitelist. The idea is to check a database on a case by case basis for certain applications and see if there is a license available for use. If there is, let the app launch, if not display a dialog letting the user know. We also will use this for monitoring and keeping track if we have enough licenses to meet demand, etc. An example of one of these apps is SPSS which have very expensive licenses but a very limited pool of people using it.
Could you use
System.Diagnostics.Process.GetProcessesByName
in a loop to look for the process?
It might work if you don't use too aggressive a polling rate.
You are indeed close, take a look at the WMI Management Events. http://msdn.microsoft.com/en-us/library/ms186151%28VS.80%29.aspx
Sample code from Microsoft: http://msdn.microsoft.com/en-us/library/ms257355(VS.80).aspx
Subscribing to the appropriate event will provide your application with the appropriate information to perform what you described.
Not sure if this is a GOOD solution but you could do something like pass a key into main so that if the key is not present or valid the application shuts down. Then when you open the application in your code, just pass the key in. Someone would then have to know the key in order to start the application.
This is assuming you have access to the application in question's source code, which upon reading your question again, I'm not so sure of.
I assume you don't have source for the application you want to prevent from loading...
Have you considered using a system policy? That would be the best-supported way to prevent a user from launching a program.
You could have a service running that force-kills any app that isn't "whitelisted", but I can't say how well that would work.
I wonder if you are taking the wrong approach. Back in the day there was a Mac app that would prevent access to the desktop and had buttons to launch a set list of applications.
IDEA
What if you had a wrapper for the approved apps then only allow your wrapper to run on the computer?
I would expect there is some way of hooking an application launch, but can't help directly on that front.
You may be able to improve your current approach by detecting the application's window opening and hiding it (move it offscreen) so that the user can't attempt to interact with it while you are trying to shut it down.
However, another approach that may be possible (depending on your circumstances) would be to write an application launcher. This simply is a replacement for the shortcut to the application that checks your licencing conditions, and then does a Process.Start to launch the real .exe at that point. This would work well for any application. (I used a system like this for starting up applications with specialised environment settings and it works beautifully)
You could combine this with your current approach as a fall-back for "clever" users who manage to circumvent your launcher.
If my understanding is right you want to create an application what will prevent the computer user to start any other process except ones for a white-list.
If this is the case, monitor the process list of processes (in a while loop) using System.Diagnostics.Process (the GetProcesses method gives the list of all running ones)
Just kill the process when it starts.
Or if your machines have Windows 7 (Windows 2008??) you can use AppLocker. http://www.microsoft.com/windows/enterprise/products/windows-7/features.aspx#applocker Just let Windows prevent the startup.
You might want to look at this product: http://www.sassafras.com/licensing.html Personally I can't stand it, but that's because it does what you describe. Might save you some coding.
You could actually edit the registry so when you click a psd, your launcher gets called instead of photoshop. Your launcher then checks for licenses and if there is one starts photoshop with the path of the file.
This is a long shot but you may find it helpful.
Perceived Types and Application Registration
http://msdn.microsoft.com/en-us/library/cc144150(VS.85).aspx
Related
I need to develop an application that will run on clients. The main focus is to let the application update another -specific- application and be able to monitor own defined states for clients. I'm considering something like a console application with TopShelf because it makes debug a lot easier. However... to install or update this specific application I must use a MSI. But if for example I create a process that executes msiexec the client/end user will be prompt with UAC. This is a big issue because clients should be updated unattended. And UAC must stay the way it is : highest level.
I've read a lot of questions/answer concerning UAC prompt... and to be honest I'm starting to doubt my own approach. I was not able to find any question that I could relate to.. so I would appreciate it if someone could give me some good advise, tips, references etc on a possible way to approach this issue.
Thanks in advance
Create a Task Scheduler job with the "Run with highest privileges" option checked.
You can easily create this job programatically, even using a XML configuration file.
This way the user is prompted to allow UAC only once (when first clicking an exe for example).
I want to launch my application, like the windows security prompt, before any application is launched in Windows 8.
Is there any event handler, which gets notified whenever any application is launched?
My use Case : I want an App similar to a child lock(Lets call it myCustomApp).
When any user runs a game(say Solitare), i want myCustomApp to check the process name, and kill the process immediately.
P.S. : i am quite new to programming.
Thanks in advance!
Is there any event handler, which gets notified whenever any application is launched?
Yes: you get use WMI events to detect new instances of Win32_Process.
But these are created with process creation, not before.
Doing something between the call to ProcessCreate that creates the new process, and the process actually being created is going to be, at best hard (you might need to do it in the kernel), but quite possibly impossible.
Why do you want to do this? What problem are you trying to solve? This really does sound like an X-Y problem.
Edit:
The term you need to use is hook: the interception of some operation on windows. Eg. "Is it possible to hook the creation of windows globally so I can control where the windows are placed on the screen?"
There is a direct way in the kernel: PsSetCreateProcessNotifyRoutine
There are helpers in user mode (eg. EasyHook), but these require injected your code into each process (which anti-malware tools are likely to object to).
But you should still start out by looking for better approaches to you underlying problem.
I am writing an application in c# to lock or freeze all programs untill user enters a value in the app's textbox and clicks ok.
The purpose of the app would be to get people to enter their time.
As far as I know you can set it to top most but they can end the app with task manager so am stuck here..
formName.TopMost = true;
Any help would be appreciated
Yes, that's correct. The Windows operating system allows multiple programs to run at one time. What you're experiencing is entirely by design.
If I remember correctly, the TopMost property applies only to windows in your process, and as you mention, it's all quite irrelevant: the user can still kill your application using the Task Manager.
There's no legitimate way of getting around that. It's not a "limitation", it's a feature. Any app that prevents itself from being closed by the Task Manager is treading dangerously closely on the category of software that we call malware. Nothing good can come out of pursuits like this.
Relevant reading: The arms race between programs and users
Perhaps a good compromise solution is to make your window/form actually top-most and disable the Close button so that the user knows they shouldn't try and close it. This is almost always enough to stop a user that is not determined to end your application by any means necessary, and that's about all you should ever be concerned with.
See the sample code here for how to make your window/form always appear on top of other running applications by setting the WS_EX_TOPMOST flag or toggling HWND_TOPMOST.
I've also already written a detailed answer here about disabling the Close button the correct way by setting the CS_NOCLOSE class style.
Would anyone be able to point me to docs/api that allow me to put a custom
button or link on windows lock screen ?
I want to be able to launch a custom program from there.
Thanks.
Ralph
What do you mean on "lock screen" ?
You can just run:
rundll32 USER32.DLL,LockWorkStation
This will lock the current user, but doesn't log off.
You can run it in "cmd" or "Run (Start Menu)"
OR... if using C, VB, Delphi, others... you can just call function "LockWorkStation" at USER32.DLL, and remember it's case sensitive.
It is highly unlikely that Microsoft would readily allow you to do something like that because it would be a security loophole of note. The point is that if no one is currently authorised to use the machine, it shouldn't be possible to run programs. Suddenly despite your best and honest intentions - your program becomes a potential backdoor to hack into machines.
The only kind of custom "application" MS might allow from the login screen would be alternate authentication mechanisms (e.g. fingerprint reader).
These would probably be implemented at the driver level, and have to interact with a very specific API. Even then, I doubt such a driver would be allowed to run an arbitrary application.
You may want to rather consider having your application run on a schedule or as a service without user interaction.
What is the best and cleanest way to close a console application on windows mobile?
The application by default is invisible and you cannot see it in the running programs, which is great for running a background process, but sometimes the user might need to close it..
Exit Main. Seriously. If you need someone to be able to exit is manually, there needs to be some mechanism like a shell icon and menu or a program in the Programs folder of something. How else would the user even know it's running? Any one of those visual cues would then set a named system event, and inside your Console app you'd have something listening for the same event (likely a worker). When it gets set, you take the actions required to shut down.
How would a user be able to close it if the application is not visible in the UI?
That's a great question. I once spent a long time trying to figure this out. Of course, we are assuming you can not (easily) return from Main. The correct answer on the desktop is System.Environment.Exit; But that method is conveniently not supported on CF.
An apparent second option is Application.Exit. That is on CF, but only applies to WinForms, and is in fact not guaranteed to exit your application.
So, throw an unhandled exception. ;)
EDIT: To kill it programatically from another app, you can look at Process.GetProcessById, and Process.Kill. Both of these are available on CF. You will have to somehow let the "killer" app figure out the "victim"'s ID. More convenient methods like Process.GetProcessesByName are not available on CF.
This technique isn't that elegant, though, and there may be permissions issues.
You could also consider some kind of IPC (inter-process communication), perhaps one overviewed in this previous Windows Mobile answer.
I decided to to read a boolean (keep alive) in the config file and have another application set it to false when I want to exit.
Its not that responsive but at least I can exit cleanly..