julianonunes
Programmer
Are there any way to detect any attempt of process initialization and block it before?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Block process execution 1
- Thread starter julianonunes
- Start date
- Status
- Thread starter
- #3
julianonunes
Programmer
It's not a user problem, I want to make a program that detects an attempt of process inicialization, bring their information and block it (stop it).
Do you want to detect another instance of the current program being started, or some other arbitrary program being started?
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
- Thread starter
- #5
- Thread starter
- #7
julianonunes
Programmer
Guys, I'm a programmer and I need to CREATE a software that detects attempts of process initialization and block it before running.
I'm searching this on Google for a week and nothing....so if somebody could really help me I would thank you.
I'm searching this on Google for a week and nothing....so if somebody could really help me I would thank you.
I've never tried this, and if you try it, be sure to do it inside a virtual machine so you don't hose your host OS. Because if I'm wrong, you surely will make your Win32 subsystem unstartable.
But, if you add a registry key under:
[tt]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options[/tt]
for Explorer.exe, and added a sub-key named Debugger, whose value points to a program you write, that program might be able to reject the startup of the app that was started via Windows Explorer.
I got this information from Inside Windows NT, 2nd Ed. in the section on process startup.
If you aren't already familiar with the contents of the book and/or the DDK, you might want to abandon this project.
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
But, if you add a registry key under:
[tt]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options[/tt]
for Explorer.exe, and added a sub-key named Debugger, whose value points to a program you write, that program might be able to reject the startup of the app that was started via Windows Explorer.
I got this information from Inside Windows NT, 2nd Ed. in the section on process startup.
If you aren't already familiar with the contents of the book and/or the DDK, you might want to abandon this project.
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
-
1
- #9
- Thread starter
- #10
julianonunes
Programmer
I got some information about API Hooking, so using this, I will intercept API calls that are made when a program tries to execute.
But I'll try your tips too.
But I'll try your tips too.
- Status