Need to protect an exe file.

Started by gavin, November 10, 2005, 11:25:17 AM


gavin

This checks for the Yahoo Messenger window every 20 seconds and kills it.
How can I stop users from shutting down my exe if all users have the same access rights on Windows?
Can it be done?
Everyone is a power user.
Thanks.



; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
    .486                       ; create 32 bit code
    .model flat, stdcall       ; 32 bit memory model
    option casemap :none       ; case sensitive

    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc

    includelib \masm32\lib\user32.lib
    includelib \masm32\lib\kernel32.lib

.data
    window_class db 'YahooBuddyMain',0

.code

start:
 
looptop:
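    invoke Sleep,1000               ; wait 1000 ms between checks
    invoke FindWindow,
    addr window_class,
    NULL
    sub eax,0                       ; sets ZF when FindWindow returned NULL
    jz looptop                      ; window not found, keep polling
   
    mov edx,eax ;window handle

    invoke GetWindowThreadProcessId,
    edx,     ;window handle
    NULL     ;process id not needed (was an uninitialized ebx pointer)
   
    mov ecx,eax ;thread id returned by GetWindowThreadProcessId
    invoke PostThreadMessage,
    ecx,
    WM_QUIT,
    0,
    0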

jmp looptop

invoke ExitProcess,NULL

end start

P1

1.  Turn off Task Manager with the use of global user policy.
2.  Re-write your program as a service. 
     a.  As an additional restriction, in the global user policy turn off control panel.

Regards,  P1  :8)

gavin

Cannot turn off the task manager as users have the same access rights.
I'm going to re-write the program as a service like you said.
It's a great idea and I think I will learn a lot from this. :U
Are there any other ways after I re-write my program?
Thanks for your help P1.

zooba


sluggy

You need to do as P1 suggested, but run the service as NETWORK SERVICE, SYSTEM or ADMINISTRATOR (or possibly LOCAL SERVICE, I didn't check that one), then the users do not have the right to terminate the process even though they can see it in the task manager. Or you could have the service hosted by SVCHOST, then the users will not even see it.

Faiseur

Or inject your process (thread), for example in explorer.exe. This system is sure and your thread is not visible by the users (task manager).  How to do it is not explained on this board, it is used in hack, but it is not difficult to make.
French asm Forum: http://www.asmforum.net/   Website: http://www.faiseur.net/

gavin

Zooba.
Can't uninstall and block as they can just reinstall it again.

Sluggy
Ya, I've been writing the service for the last few days on and off. I will look into running it as svchost, very interesting.
I have no idea how svchost hides it but will do a search ;).

Faiseur

I will also search this as an alternative second program for the same thing.
Good ideas guys and thanks so far.

Gavin :U

Jimg

geez!  Either they have the right to run the program or they don't!  Issue an edict forbidding it.  Then, just track it to see if they run it. If so, send yourself a flag, and go break their fingers!

P1

Quote from: Jimg on November 16, 2005, 08:12:52 PM
geez!  Either they have the right to run the program or they don't!  Issue an edict forbidding it.  Then, just track it to see if they run it. If so, send yourself a flag, and go break their fingers!
They could have made a few custom firewall rules to stop the IM traffic, because once a user figures out that all they had to do was rename the file, they would have been back in business again.

Never underestimate a mad user to do everything to get around what you have done to stop them.

Firings will continue until morale improves.   :dazzled:

Regards,  P1  :8)

subhadeep_ghosh

A single service can be stopped by the task manager.
So if you are that desperate...  :bg
then you could make one more service which monitors the existence of the service which you created, and if any one of the services, i.e. either your service or the service monitoring your service, is shut down then the other existing service automatically shuts down the system. And during shut down or start up both services check each other's existence and if either doesn't exist then the existing one creates the one that doesn't exist.
And if someone somehow manages to stop both the services without managing to get the system shutdown...tell him/her that someone worships HIM/HER...  :bg ...
Just the thoughts of a crooked mind... :U
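Added example, not part of any post in this thread: whether same-rights users can stop or reconfigure a service through the Service Control Manager is decided by the service's DACL, which `sc sdshow <service>` prints as SDDL. This Python sketch audits such a string for control rights granted to non-admin groups such as Power Users; the function names are hypothetical and both sample DACLs are constructed. It covers only the service object, not the rights on the service's process.

```python
import re

# SDDL right code -> (access-mask bit, meaning on a service object).
RISKY = {
    "DC": (0x00002, "SERVICE_CHANGE_CONFIG"),
    "WP": (0x00020, "SERVICE_STOP"),
    "DT": (0x00040, "SERVICE_PAUSE_CONTINUE"),
    "SD": (0x10000, "DELETE"),
    "WD": (0x40000, "WRITE_DAC"),
    "WO": (0x80000, "WRITE_OWNER"),
}
# Well-known SDDL SID aliases for non-administrative principals.
NON_ADMIN = {"PU": "Power Users", "BU": "Users", "AU": "Authenticated Users",
             "IU": "Interactive", "WD": "Everyone"}

def risky_rights(rights):
    """Names of risky rights in an ACE rights field (alias or hex form)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [name for bit, name in RISKY.values() if mask & bit]
    codes = set(re.findall("..", rights))   # rights are two-letter codes
    if "GA" in codes:                       # GENERIC_ALL implies everything
        return [name for _, name in RISKY.values()]
    return [name for code, (_, name) in RISKY.items() if code in codes]

def audit_service_sddl(sddl):
    """Map non-admin principal -> risky rights granted by allow ACEs."""
    dacl = sddl.partition("D:")[2].partition("S:")[0]
    findings = {}
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")             # type;flags;rights;;;sid
        if len(fields) < 6 or fields[0] != "A":
            continue                        # only plain allow ACEs
        who, granted = fields[5], risky_rights(fields[2])
        if who in NON_ADMIN and granted:
            findings.setdefault(NON_ADMIN[who], []).extend(granted)
    return findings

# Constructed sample DACLs in the format printed by `sc sdshow <service>`.
LOOSE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)")
TIGHT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWLOCRRC;;;PU)")

if __name__ == "__main__":
    for label, sddl in (("loose", LOOSE), ("tight", TIGHT)):
        print(label, audit_service_sddl(sddl) or "no non-admin control rights")
```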