AGB  ·  Datenschutz  ·  Impressum  







Anmelden
Nützliche Links
Registrieren
Thema durchsuchen
Ansicht
Themen-Optionen

Anti End Task, not WM_Close?

Ein Thema von user · begonnen am 1. Jan 2011 · letzter Beitrag vom 3. Jan 2011
Antwort Antwort
Seite 2 von 3     12 3      
Benutzerbild von Luckie
Luckie

Registriert seit: 29. Mai 2002
37.621 Beiträge
 
Delphi 2006 Professional
 
#11

AW: Anti End Task, not WM_Close?

  Alt 1. Jan 2011, 22:12
If I want to kill your application and you will not allow ist, I just pull the plug after the administrator has removed your application from auto run. Or can you prevent the user from pulling the plug with your application?
Michael
Ein Teil meines Codes würde euch verunsichern.
  Mit Zitat antworten Zitat
Benutzerbild von Assarbad
Assarbad

Registriert seit: 8. Okt 2010
Ort: Frankfurt am Main
1.234 Beiträge
 
#12

AW: Anti End Task, not WM_Close?

  Alt 1. Jan 2011, 22:50
Man, just write a service if you need something the user cannot close. Even if the user closes the "client" part (e.g. a visible GUI), the service will continue to run. Let's assume for a second that you succeed in achieving your goal of an application that cannot be closed. No application is bug-free. Once the user encounters a bug and your application prevents the user from closing it, you'll have a bunch of angry users. Besides, with a hook such as the one you describe it's likely that you introduce more potential issues into the user's session ... i.e. affecting other processes as well.

I think you should elaborate on the problem you're trying to solve, because so far it indeed sounds iffy. So let's hear ...
Oliver
"... aber vertrauen Sie uns, die Physik stimmt." (Prof. Harald Lesch)
  Mit Zitat antworten Zitat
user

Registriert seit: 13. Jul 2010
25 Beiträge
 
Delphi 2 Desktop
 
#13

AW: Anti End Task, not WM_Close?

  Alt 2. Jan 2011, 09:54
I am making a security application for a policy. This app block unlisted/unwanted program from running (Admin/Guest Account). I hook in ring3, right now I have not implemented my app as a service/ring0, it's just a normal GUI app. I use ESET in my pc, Eset's GUI can be killed easily but eset's service is "self restarting" service. But.. I have not implemented yet my app as service. Making a service will consume more my time, maybe later I will working on it. So I just want to ask, is there any simple way to block End Task for GUI app?
  Mit Zitat antworten Zitat
Benutzerbild von Luckie
Luckie

Registriert seit: 29. Mai 2002
37.621 Beiträge
 
Delphi 2006 Professional
 
#14

AW: Anti End Task, not WM_Close?

  Alt 2. Jan 2011, 12:57
It will be easier to implement a service rather than a application that can not be killed. Plus it would be the preferred way by Microsoft because that's why they introduced services. Hooks will strain the system. And if they are not properly implemented the application may influence other applications from running properly.
Michael
Ein Teil meines Codes würde euch verunsichern.
  Mit Zitat antworten Zitat
Benutzerbild von rollstuhlfahrer
rollstuhlfahrer

Registriert seit: 1. Aug 2007
Ort: Ludwigshafen am Rhein
1.529 Beiträge
 
Delphi 7 Professional
 
#15

AW: Anti End Task, not WM_Close?

  Alt 2. Jan 2011, 20:24
So, why do the users need administrative privileges? - You don't need any administrative privileges if you just use the computer and don't administrate it.

On top of that, Windows comes with a Software Policy Kit which allows you to block unwanted Programs by name and Hash. Your program can't do it in an better way. Those policies even apply to administrative accounts, if wanted.

Bernhard
Bernhard
Iliacos intra muros peccatur et extra!
  Mit Zitat antworten Zitat
Benutzerbild von Assarbad
Assarbad

Registriert seit: 8. Okt 2010
Ort: Frankfurt am Main
1.234 Beiträge
 
#16

AW: Anti End Task, not WM_Close?

  Alt 2. Jan 2011, 20:41
I am making a security application for a policy. This app block unlisted/unwanted program from running (Admin/Guest Account).
Well, in this case it's neither secure nor is it the right approach. Sorry to say

I hook in ring3, right now I have not implemented my app as a service/ring0, it's just a normal GUI app.
Well, write a driver. If you can live with the prerequisites of Windows XP SP2 or Windows 2000 SP4+SRP+FltMgr and higher, you can easily use one of the mini-filter samples from the WDK. Mini-filters are rather easy to implement, compared with classic FSFDs.

I use ESET in my pc, Eset's GUI can be killed easily but eset's service is "self restarting" service.
Well, there is usually something like a failure action. But again, "self-restarting" and "invincible" processes suck!

So I just want to ask, is there any simple way to block End Task for GUI app?
Nope.

On top of that, Windows comes with a Software Policy Kit which allows you to block unwanted Programs by name and Hash. Your program can't do it in an better way. Those policies even apply to administrative accounts, if wanted.
This should be Vista or higher, though?! The old approach was pretty unsecure and relied on particular means being used to execute a program. If a more subtle method was used one could circumvent the restriction. Done so myself as admin.

But otherwise I can recommend Bei Google suchenTrustNoExe, though it may not work on x64 or Vista and higher (due to signing policies).

Small note concerning TrustNoExe: the guy used a SSDT hook to see when images get loaded. Whenever something that was not allowed was about to be loaded, he'd exchange the section (aka MMF) handle with one of his own usermode executable. This way his executable could retrieve its "own" location (actually the one of the attempted execution) and display a nice message to the user. Simple but effective.
Oliver
"... aber vertrauen Sie uns, die Physik stimmt." (Prof. Harald Lesch)

Geändert von Assarbad ( 2. Jan 2011 um 20:44 Uhr)
  Mit Zitat antworten Zitat
Benutzerbild von rollstuhlfahrer
rollstuhlfahrer

Registriert seit: 1. Aug 2007
Ort: Ludwigshafen am Rhein
1.529 Beiträge
 
Delphi 7 Professional
 
#17

AW: Anti End Task, not WM_Close?

  Alt 2. Jan 2011, 20:44
On top of that, Windows comes with a Software Policy Kit which allows you to block unwanted Programs by name and Hash. Your program can't do it in an better way. Those policies even apply to administrative accounts, if wanted.
This should be Vista or higher, though?! The old approach was pretty unsecure and relied on particular means being used to execute a program. If a more subtle method was used one could circumvent the restriction. Done so myself as admin.
I just know that in Windows XP there was something like that. Tried it only once and i thought it works. I never had the idea to circumvent the blocking-policy.

Bernhard
Bernhard
Iliacos intra muros peccatur et extra!
  Mit Zitat antworten Zitat
Benutzerbild von Assarbad
Assarbad

Registriert seit: 8. Okt 2010
Ort: Frankfurt am Main
1.234 Beiträge
 
#18

AW: Anti End Task, not WM_Close?

  Alt 2. Jan 2011, 20:53
I never had the idea to circumvent the blocking-policy.
I know I know: I'm paranoid. But just because you're not paranoid doesn't mean they aren't after you

As an admin I considered it my duty to make the machines luser-proof. However, for XP MS offered (until recently, I think it was withdrawn) something like a kiosk mode. I.e. you could lock down an XP quite thoroughly. Would have to ask in the forum whether someone still has a copy around. I don't even recall the name of the tool, but it got "advertised" on heise.de.
Oliver
"... aber vertrauen Sie uns, die Physik stimmt." (Prof. Harald Lesch)
  Mit Zitat antworten Zitat
Benutzerbild von rollstuhlfahrer
rollstuhlfahrer

Registriert seit: 1. Aug 2007
Ort: Ludwigshafen am Rhein
1.529 Beiträge
 
Delphi 7 Professional
 
#19

AW: Anti End Task, not WM_Close?

  Alt 2. Jan 2011, 20:57
I know I know: I'm paranoid. But just because you're not paranoid doesn't mean they aren't after you
Don't we all are a bit paranoid? - If you want security you have to test it, not just think it will work.

However, for XP MS offered (until recently, I think it was withdrawn) something like a kiosk mode. I.e. you could lock down an XP quite thoroughly. Would have to ask in the forum whether someone still has a copy around. I don't even recall the name of the tool, but it got "advertised" on heise.de.
Do you think of the "Shared Computer Toolkit"? - I have got a copy.

Bernhard
Bernhard
Iliacos intra muros peccatur et extra!
  Mit Zitat antworten Zitat
Benutzerbild von Assarbad
Assarbad

Registriert seit: 8. Okt 2010
Ort: Frankfurt am Main
1.234 Beiträge
 
#20

AW: Anti End Task, not WM_Close?

  Alt 2. Jan 2011, 21:03
Do you think of the "Shared Computer Toolkit"? - I have got a copy.
That could well be it (new name seems to be SteadyState). I don't need it, but the OP might appreciate to get his hands on a copy. Let's see when he returns to this topic
Oliver
"... aber vertrauen Sie uns, die Physik stimmt." (Prof. Harald Lesch)
  Mit Zitat antworten Zitat
Antwort Antwort
Seite 2 von 3     12 3      


Forumregeln

Es ist dir nicht erlaubt, neue Themen zu verfassen.
Es ist dir nicht erlaubt, auf Beiträge zu antworten.
Es ist dir nicht erlaubt, Anhänge hochzuladen.
Es ist dir nicht erlaubt, deine Beiträge zu bearbeiten.

BB-Code ist an.
Smileys sind an.
[IMG] Code ist an.
HTML-Code ist aus.
Trackbacks are an
Pingbacks are an
Refbacks are aus

Gehe zu:

Impressum · AGB · Datenschutz · Nach oben
Alle Zeitangaben in WEZ +1. Es ist jetzt 23:27 Uhr.
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO © 2011, Crawlability, Inc.
Delphi-PRAXiS (c) 2002 - 2023 by Daniel R. Wolf, 2024 by Thomas Breitkreuz