Ok, the title is my question.
No, this ain't for malware. It is for a parental control program for my own netbook.
Yes, I am tired of my brother's friends visiting porn sites on my laptop when I am away.
Oh, yes, I have red other questions and don't do the "You can't!" thing. It must be possible.
Well, you could run several processes, and when one of them is killed, one of the others would launch a replacement. You can also run a service that would monitor the process and launch another process when the process is killed.
Sorry, I can't comment so I've posted this as a 'answer'.
A few things to consider:
Is a 13 year old or his friends going to notice a process in taskmanager that shouldn't be there? (for example a second explorer.exe, svchost.exe etc.)
What are you trying to actually achieve as there may be other ways to do what it is you want. Are you trying to block them from going on certain sites? Are you trying to monitor what they do? Are you trying to prove to your mum what they are doing? Something else?
Unless you are trying to block them, will they care about anything you may have running? Would they bother to look for 'logging' software running on the PC? I would guess that they wouldn't bother to even open task manager unless the sites weren't working.
If you are trying to give proof or monitor your pc, running a VNC service in the background allows you to connect a viewer from another computer so that you/your mum can watch a live view of what they are up to.
If you want to monitor the sites then you have a wide range of options: keylogging software, browser logging software, proxy software or logging software on your router
If you want to block the sites then you also have a wide range of solutions: hosts file, dns based blocking (e.g. openDNS), blocking software on the pc (e.g. netnanny), blocking software on the router, etc.
Remember: If you are trying to block sites remember that nothing will block 100% of websites. You will only achieve 1 of 2 things: (Ideally) it becomes too much effort trying to find sites not blocked and they use another computer for their porn -or- they persist and find a way around it/to disable it/sites that it doesn't catch
what about unstoppable service ? MSDN
Yes, it is possible, I recently wanted to do the same thing, just came across what is known as Protected Windows Services.
I know this requires a lot of effort but when it's successfully implemented there's no way not even Admin can kill the process.
You'll need to write an additional ELAM Driver for this to work :ELAM Prerequisites - Microsoft Docs
Here is the link where it is described
Register service as protected service
Posted this answer as an Idea ...... If there's any problem I'll delete it.
Related
I have done a lot of searching to find a way to start a GUI application from a windows service on Windows 7. Most of what I have found is that with Windows 7 services now run in a separate user session and can not display any graphical interface to the current user. I'm wondering is there is any kind of workaround or different way of accomplishing something like this? Can the service start a process in a different user session?
This change was made for a reason and not simply to annoy developers. The correct approach is to put your UI in a different program and communicate with the session through a pipe, or some other IPC mechanism. The recommendation that services do not present UI is more than 10 years old now.
You should really try to follow these rules, even though it may seem inconvenient to begin with. On the plus side you will enjoy the benefit of keeping your service logic and UI logic separate
If your services runs under the LOCALSYSTEM account then you can check "Allow service to interact with desktop", for the benefit of legacy services that would fail if they could not show UI. But it won't help you anyway because the UI will show in session 0 where it is never seen!
I recommend you take a read of the official Microsoft document describing session 0 isolation.
There is a way to do this.
If you need to show a simple message box you can use the WTSSendMessage Routine.
If you need a complex UI elements you can put it in a separate program and you need to use CreateProcessAsUser Routine.
In this sample provided by microsoft you can see the process.
http://blogs.msdn.com/b/codefx/archive/2010/11/26/all-in-one-windows-service-code-samples.aspx
Windows 7 introduced what is called "Session 0 isolation" that in practice means that every service (except system services) run in a separate non-interactive session. For this reason you cannot directly create a GUI from within the service, except if you run in legacy mode by flagging the Interact With Destop option, which is not good if you plan to run your service for some years in the future.
As David Heffernan said, the best is to use a client-server architecture. WCF makes it easy to communicate with named pipes.
This page is a good starting point to read about Session 0 Isolation and this white paper is also very good.
i want to get list of Switched on computers in domain. curently i can get list of computers in domain by using directoryentry class but it gives list of all computers in domain whether it is switched on or not. i already reffered 2,3 links on stackoverflow but didnt get answer. pinging takes more time. Is there any efficient solution for this in c# ?
You might want to look at a solution like SCOM for this. It provides a "Heartbeat" functionality which is more reliable than ping (some corporate firewalls might block icmp, e.g. ping traffic). And a bunch of other monitoring stuff. It does mean more management overhead though.
If you want the simplest solution you can't get around ping. Maybe you can use a multithreaded ping like here: https://codereview.stackexchange.com/questions/1202/c-multi-thread-ping
To solve this i simply made a C# app that does a ping to all computers, this can be done very quickly depending on your network.
Basicly what you do is (And what i did):
1) Fetch you network guy
2) Talk to him, ask him if has any "flood protection".
3) If he is not screaming, spawn as many threads as you can and use them ping the machines :).
#Mr Happy already link to code on how to multi thread ping ( Not that its a issue at all).
It has become apparent that where I work needs, internally, a "notification system". The issue being that we are very spread out throughout multiple buildings and the bulk of the work force regularly keeps there email closed for hours at a time.
I need to create a simple way to be able to push out a message and have it "pop up" on everyones computer(or a single computer).
My first thought was to write a windows service that calls a winform/wpf app that resides on each computer that simply pops up with the message. Not sure how viable an idea that is but this is just brain-storming.
A different route, I thought, could be an app that resides in the systray on each computer that polls a db table and using the Query Notifications could pop up a message each time a new row is added. Then simply create an insanely basic app for writing a row to that table.
So, what I am asking is if any one else has walked this path. If so, how?
What things did you take into
consideration?
Are either of my ideas valid starting
points or are "egg and my face in
perfect alignment"?
Is there a different way that is even
simpler?
Thanks
Some simple requirements --> Must be "One Way" as I cannot give our user base a "chat" system. Must be, somewhat, hidden so as to discourage users shutting it off. A la system tray or service.
Wouldn't net send save you reinventing the wheel?
I've never done this but I've worked in a call-centre that did use something similar and they're insanely useful. I remember once when everyone got a message saying "does anyone know Mandarin? HELP ME!!" Brilliant. (Luckily someone did.)
Anyway your ideas are perfectly fine. Personally I'd do this as a client/server application. A windows forms or WPF application that sits in the systray could link to a server using a TCP/IP duplex connection using WCF. Perhaps get the client to register to certain groups depending on the department of the PC it's sitting on.
Then when someone wants to send a message they select which group it needs to go to (or all groups), the message hits the server which sends out to all connected clients, and the WPF app on the computer receives the message and pops it up. You don't even need a database except to store the users/groups, and the message history if you need to.
This might be a ridiculous answer but have you considered implementing a chat system? It's simple to implement and well tested.
Here are some possibilities:
http://messenger.softros.com/
http://en.wikipedia.org/wiki/Instant_messaging#User_base
Article on building your own:
http://www.computerworld.com/s/article/9002059/How_to_build_your_own_corporate_IM_system_
The easiest way to do this is to have a simple client on each machine polling a central service for alerts. Each alert should have a unique id so each client can deal with idempotency (you don't want the central service keeping tabs on which clients have "popped up").
I also recommend having a reasonably short lifespan for each alert, so the client only needs to know a very short list of alerts it has displayed and so if a machine was re-started, only a small history of alerts would be displayed.
With 300 subscribers, you'll want the polling to involve a nice long gap too - you don't really want 300 checks every 10 seconds - so you'll have to balance the technical desire for long gaps between checks with the business requirement to get an alert within a certain timeframe.
You could easily achieve this with a NET/TCP WCF service being polled by either a WINFORM / WPF application that is added as a start up program, or a windows service that then spawns a UI to display the notification.
I did something like this a long time ago to coordinate smoke breaks. I simply sent a broadcast packet out on the LAN at a specific port. Worked relatively well, although since anybody could broadcast and everybody would get a popup, it got abused a lot.
I would recommend you SPARK. We have same problem in my firm and finally decided to save time and do not reinventing the wheel and use existing (freeware) solution. SPARK does the job for us.
"Spark is an Open Source, cross-platform IM client optimized for businesses and organizations. It features built-in support for group chat, telephony integration, and strong security. It also offers a great end-user experience with features like in-line spell checking, group chat room bookmarks, and tabbed conversations."
If you cannot use / install existing IMs you might thing about implementing simple "chat" protocol in your app.
It is quite easy do that base on sockets and many articles available.
For example:
http://www.codeproject.com/KB/IP/TCPIPChat.aspx
http://www.codeproject.com/KB/miscctrl/SimpleMessenger.aspx?display=Print
If you need something advanced (eg. receive historical notification, users status management etc) you can consider using openSource Jabber API:
Eg http://www.codeproject.com/KB/gadgets/googletalk.aspx
i want to implement a windows service that functions as a simple license security feature for a software X. The service is meant to run independently from software X.
The rough idea:
The service is like a timebomb for a software Z installed on the machine...
Whenever the user runs software X, the service pops up a window every 30 minutes to remind the user to register software X.
If the user doesnt register the software after 1 month, the service will change the license code in a file and kill the software X process.
On the next start up, software X will read the wrong license code and starts in demo mode.
The service backs up the license code first before changing it.
When the user do register, a exe or bat file will be given for the user to run. The file restores the original license file and permanently removes the service.
Additional info:
Is it possible that if the user tries to kill the service, the service will automatically change license code and kill software X before being killed itself?
If the user changes the license code manually in the file after the service changes it, then the service will automatically change it back and kill software X.
I'm quite the newbie in programming... so i wanna ask for advice first before jumping into the project... Any advice, tips or issues/concerns i should be aware of based on your experience?
I'll most probably code it in C++ but might do it in C#(never used it before) after reading the following discussion:
Easiest language for creating a Windows service
I'm quite the newbie in programming...
so i wanna ask for advice first before
jumping into the project... Any
advice, tips or issues/concerns i
should be aware of based on your
experience?
The best advice I can give you is "newbies to programming should not attempt to write security systems". Developing a security system that actually mitigates real vulnerabilities to real attacks is incredibly difficult and requires years of real-world experience and both practical and theoretical knowledge of how exactly the operating system and framework class libraries work.
The second-best advice I can give you is to construct a detailed, accurate and complete threat model. (If you do not know how to do thread modeling then that'll be the first thing to learn. Do not attempt to rollerskate before you can crawl.) Only by having a detailed, accurate and complete threat model will you know whether your proposed security features actually mitigate the attacks on your vulnerabilities.
Whenever the user runs software X, the service pops up a window every 30 minutes to remind the user to register software X.
This is not possible. A service cannot display a window due to being on another desktop then the user. (Since Vista this is mandatory, XP did allow for showing a window.)
Is it possible that if the user tries to kill the service, the service will automatically change license code and kill software X before being killed itself?
No. A service is just another program running in the system, which can be killed at any point in time. (Only you have to be in the administrator group).
If the user changes the license code manually in the file after the service changes it, then the service will automatically change it back and kill software X.
The conclusion is, that when you break your license check into 2 parts, you get another point at which the user can break your check. You cannot prevent the user from working around your service, if it is not mandatory for your program to work.
Is it possible that if the user tries to kill the service, the service will automatically change license code and kill software X before being killed itself?
Not in general, no. If I shut down the process unconditionally (e.g. using taskkill /f command), it won't get any chance to react.
If the user changes the license code manually in the file after the service changes it, then the service will automatically change it back and kill software X.
It's possible - you can use ReadDirectoryChangesW function to watch the file and react to changes (or FileSystemWatcher class if your service is implemented in .NET). Of course, in light of the first answer above, user can just kill your service and then alter the file...
NEVER make a service for something unless it's really a system service. If you are creating an application, then you have NO BUSINESS EVER running code on the system when the application is closed unless the user explicitly requested that operation. Ideas like this are the reason we (nerds) have to deal with so much crap when people ask us to "fix my computer, it's running so slow."
I would walk from a 6-figure salary before I would ever become a part of an abomination like that.
Edit: I suppose first I'd need a 6-figure salary... some day some day
Is there any way to hide a C# program from the Windows Task Manager?
EDIT:
Thanks for the overwhelming response! Well I didn't intend to do something spooky. Just wanted to win a bet with my friend that I can do it without him noticing. And I'm not a geek myself to be able to write a rootkit, as someone suggested though I'd love to know how to do it.
Not that I'm aware of - and there shouldn't be. The point of the task manager is to allow users to examine processes etc.
If the user should be able to do that, they should be able to find your program. If they shouldn't be poking around in Task Manager, group policy should prevent that - not your program.
Don't mean to zombie this but i thought i could contribute some useful information
If you want to hide a application there a two methods (that i can think of atm).
They both have their ups and downs
[1] SSDT Table hooking - basically you have to set the MDL of the table to writeable, overwrite the address of NtQuerySystemInformation (iirc) with the address of your function and have it call the original function after filtering the results.
This method doesn't suit your needs very well because the hooking function would always need to be in memory and would involve writing a kernel mode driver. Its a fun thing to do but debugging is a pain because an exception means a BSOD.
[2] Direct Kernel Object Manipulation (DKOM) - the list of processes is a doubly linked list, with a kernel mode driver you can alter the pointers of the records above and below your process to point around yours. This still requires the use of a kernel mode driver but there are rootkits such as FU that can be easily downloaded that contain an exe and the service. The exe could be called from inside your application as a child process (in the released version of FU, at least the one I found, there was a bug which I had to fix where if the hidden application exited the computer would BSOD, it was a trivial fix).
This will thankfully be caught by almost any decent antivirus so if you are trying to do something sneaky you'll have to learn to get around that (hint: they use a binary signature)
I have not used method 1 ever but method 2 has worked for me from a VB.Net application.
A third possible option is to just create the application as a windows service, this will show up in task manager by default but I'm willing to bet that there is a way to tell it to not show up there since there are plenty of other services which don't show up in task manager.
Hope I helped a little, my advice is that if you are interested in this kind of stuff to learn C++.
You could make your program a service and then it would appear as "svchost". There's a little more to it than that, but that should give you a hint to go in the right direction.
I'm not aware of any way to hide it from the task manager, but you could just disguise it by making it show up as "svchost.exe". It'll get lumped in with all the others (there's usually several), and will become indistinguishable.
You shouldn't hide it, but you could prevent the user from killing the process.
See Chris Smith's answer to this question.