Hi everyone i would like to know how to intercept when X exe has been executed...so i can do something before the exe opens up, example...
lets say i want to do a msgbox when notepad has been executed because we intercepted the message before it was executed we can simple do a msgbox then let program run...
I was thinking this might be possible hooking...but here's the problem because the app. I want to intercept the execution is not always the same...so I would like to know how to intercept that message for any exe...
In conclusion what im trying to accomplish is a way to see when an exe has been executed or opened so i can do something BEFORE the exe opens and then open the exe after i've done what i want...
Thanks alot!
P.S. i know this is hard but well someone here might know how
EDIT: would never be solved...
Last edited by EJ12N; Feb 8th, 2005 at 11:06 PM.
Born to help others (If I've been helpful then please rate my post. Thanks)
security program im working on
so if X program is called and admin doesnt want it to be called or he wants it but needs a password to use it then do my prompt and you know the rest...
Born to help others (If I've been helpful then please rate my post. Thanks)
To intercept all program execution, you will have to create a driver. You can use a callback with PsCreateProcessNotifyRoutine or Hook the native API. The first way only works on NT and above and the second should work on all WinOS's.
I have done both ways.
Hooking the native API is alot more difficult, I never could get it to work in XP.
I have a freeware beta app that uses PsCreateProcessNotifyRoutine on my web page, sorry no source as it could be used for malicious purposes and I dont want to help anyone doing that.
Well if this is legit, you could write a simple program to shell out the exe but only if the user enter the correct
password. You can replace the shortcut to the exe and point it to you simple shell program starter.
HTH
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.
The 2nd #3. Using the Registry Shell Spawning capability of Windows, a specified program can be launched each time a file with a certain extension is started, setting it in the (Default) entry of the registry key HKEY_CLASSES_ROOT\EXTENSIONfile\shell\open\command, for example if we want to launch filename.exe every time another exe file is opened we should change the (Default) entry in HKEY_CLASSES_ROOT\exefile\shell\open\command from the standard "%1" %* to filename.exe "%1" %*.
If we want to apply this technique to files that aren't executables, such as HLP or MID, we should make filename.exe to invoke the actual file reader for that format (like C:\WINDOWS\winhlp32.exe %1 or "C:\Windows\mplayer2.exe" /Play "%L") in order to remain invisible to the user.
Circa 1995
Engineer - I think we should put our website address on our paper catalogs.
Vice President - Don't get too excited about this internet thing.
I am sorry, but the Oracle was mistaken. You cannot help us.
-Matrix video game
I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. ... and it probably never will support anything other than AT-harddisks, as that's all I have :-(.
-Linus
Question. Do you know that the character "?" means I'm asking a question? Question. Do you know that spoken inflection also provides the same cue? So please don't say, "Question" before you ask your question. Believe me I'll know.
That said, I would have said this first if it had to precede what I'm telling you now. Having said that, what I'm telling you now is the same thing I just said about the annoying phrases "That said" and "Having said that".
Are you threatening me, Master Jedi?
-Chancellor Palpatine
about registry stuff that wouldnt be secure enough to some users :/
to packetVB look im not trying to do a daymn virus or anything malware if i ever decided to do that trust me wont be on VB i would do it so...It is a simple secure password protector for exe files but i guess i'll just drop the project since i seem to find no help or info on net about it...thanks to all those that tried now [Removed by manavo11] this project
Last edited by manavo11; Feb 6th, 2005 at 06:27 PM.
Reason: Removed cursing
Born to help others (If I've been helpful then please rate my post. Thanks)
Circa 1995
Engineer - I think we should put our website address on our paper catalogs.
Vice President - Don't get too excited about this internet thing.
I am sorry, but the Oracle was mistaken. You cannot help us.
-Matrix video game
I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. ... and it probably never will support anything other than AT-harddisks, as that's all I have :-(.
-Linus
Question. Do you know that the character "?" means I'm asking a question? Question. Do you know that spoken inflection also provides the same cue? So please don't say, "Question" before you ask your question. Believe me I'll know.
That said, I would have said this first if it had to precede what I'm telling you now. Having said that, what I'm telling you now is the same thing I just said about the annoying phrases "That said" and "Having said that".
Are you threatening me, Master Jedi?
-Chancellor Palpatine
One other way you could do this, I think, is to modify each executable you want to password protect as is done with programs like Password Protector.
You might be able to do this by adding a stub to the beginning of the program.
This involves learning how to manipulate the PE file format. See the thread Hook on API Call.
It's pretty complex and involves some considerable C++ programming.
For 20 bucks I'd just buy the program.
B) When a new window opens from an exe I'd store the exe name and then terminate the application.
C) Prompt the user for the password and if correctly supplied I'd shell the exe again while ignoring that instance.
Might require some timing to work out but shouldn't be that hard..Alternately I'd make a list of approved applications and simply terminate everything else unless I had previously been supplied with the admin password.
B) When a new window opens from an exe I'd store the exe name and then terminate the application.
C) Prompt the user for the password and if correctly supplied I'd shell the exe again while ignoring that instance.
Might require some timing to work out but shouldn't be that hard..Alternately I'd make a list of approved applications and simply terminate everything else unless I had previously been supplied with the admin password.
i though of that too but is kind of weak...
Born to help others (If I've been helpful then please rate my post. Thanks)
The only other thing that comes to mind would be to monitor the Task Manager and build a list of everything running..anytime you see something you havn't seen before, kill it and then prompt the user for the password. Depending upon the operating system the app is going to be on, or if it will be distributed across multiple operating systems (say 98, XP and 2k) that could take a lot of coding to accomplish as, at least 98 and XP, have different methods of reporting running processes...
I've created something you might find useful. It is a replacement for the windows shell (explorer), so if you login, you won't get the windows desktop, but the desktop I created (no start menu, no taskbar, just my form), and the only programs that can be started are the ones I put on my form. You can find it here : http://www.planet-source-code.com/vb...58789&lngWId=1
Intercept Exe Execution...
Reply With Quote
Originally Posted by packetVB
Re: Intercept Exe Execution...
