|
Need your help guys, I've been trying to make a program like ProcessGuard and Sanctuary. This product prevents execution of any program that does not appear on the list of software that is allowed to run on a particular machine. I have done some research about it and I found out that you have to go to kernel mode and hook its API on process creation (CreateProcess). But I failed to make use of kernel32.dll or ntdll.dll. Is there someone here who could give me some tips on where to start, provide the basics of Windows API process hooking in C#, or even better provide working C# source code? Thanks in advance...
bryandel3@yahoo.com
http://www.bryandel.net/
-- modified at 5:48 Thursday 5th January, 2006
|
I have already read it; thanks anyway. Please, I need a guide in C#.
|
C# is not appropriate for this. It is designed for making user mode applications only.
I have taken a vow of poverty. If you want to really piss me off, send me money.
|
But is it possible?
About the money, I'm sorry but I can't send any. I'm still a student.
And I might make this program as my thesis. But still thanks for the offer.
|
I don't think it is possible but I could be wrong. If you use C# then you have a dependency on the .NET runtime. I don't believe that it is currently possible to use this within kernel mode. I suggest you have a look around the "Sysinternals" web site.
|
Hello bryan,
First include System.Runtime.InteropServices in your class:
using System;
using System.Runtime.InteropServices;
Then it is simple:
// HWND is pointer-sized, and the Win32 BOOL result marshals to bool
[DllImport("user32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool DestroyWindow(IntPtr hWnd);
Now use this site http://custom.programming-in.net/ to find out the DLL of your function and then import it!!
If I didn't get your question, and I'm completely off, oops, sorry, give some more details.
Happy new year to all!!
GanDad
|
Thank you very much for the link. I really appreciate it.
Details:
"ProcessGuard stops applications from executing without the users consent, stops malicious worms and trojans from being executed silently in the background."
Based on this C++ article: "Hooking NtCreateSection() is a much more reasonable thing to do - if we intercept a call to NtCreateSection() with the request of mapping the executable file as an image (SEC_IMAGE attribute), combined with the request of page protection that allows execution, we can be sure that the process is about to be launched. At this point we are able to take a decision, and, in case if we don't want the process to be created, make NtCreateSection() return STATUS_ACCESS_DENIED. Therefore, in order to gain full control over process creation on the target machine, all we have to do is to hook NtCreateSection() on a system-wide basis."
NtCreateSection() is from ntdll.dll. I'm trying to import it but I don't know how to use it. I hope you can help me more. Again thanks for the link
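The decision step the quoted article describes (image mapping plus executable protection, then allow or return STATUS_ACCESS_DENIED), as an added sketch in C that is not code from this thread or from the article. The function names, the path-based allowlist and the sample paths are assumptions made for illustration; only the policy check is shown, not the hook itself.

```c
#include <stdint.h>
#include <stddef.h>
#include <ctype.h>

/* Values from the Windows SDK headers, redefined so the sketch builds anywhere. */
#define SEC_IMAGE_FLAG          0x01000000u /* SEC_IMAGE */
#define PAGE_EXEC_MASK          0x000000F0u /* PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY */
#define NT_STATUS_SUCCESS       0x00000000u
#define NT_STATUS_ACCESS_DENIED 0xC0000022u

/* Case-insensitive compare, since Windows paths are normally case-insensitive. */
static int path_equal(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;
}

/* Hypothetical policy routine that a hook on NtCreateSection() would call. */
uint32_t section_policy(uint32_t alloc_attrs, uint32_t page_protect,
                        const char *image_path,
                        const char *const *allowed, size_t n_allowed)
{
    /* Only an image mapping with an executable protection signals a launch. */
    if (!(alloc_attrs & SEC_IMAGE_FLAG) || !(page_protect & PAGE_EXEC_MASK))
        return NT_STATUS_SUCCESS;
    if (image_path == NULL) /* fail closed when the backing file is unknown */
        return NT_STATUS_ACCESS_DENIED;
    for (size_t i = 0; i < n_allowed; i++)
        if (path_equal(image_path, allowed[i]))
            return NT_STATUS_SUCCESS;
    return NT_STATUS_ACCESS_DENIED;
}

/* Constructed sample allowlist (not from the page). */
static const char *const SAMPLE_ALLOWED[] = {
    "\\Windows\\System32\\notepad.exe",
    "\\Windows\\System32\\calc.exe",
};

uint32_t check_sample(uint32_t attrs, uint32_t prot, const char *path)
{
    return section_policy(attrs, prot, path, SAMPLE_ALLOWED, 2);
}
```

A name-based list like this is the simplest form of the "list of software that is allowed to run"; matching on a file hash instead of a path is a common variation.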
|
Bryan,
Sorry, my knowledge is limited on WinAPI, but I found just now a site for the proper way of the function parameters, so here it is:
http://undocumented.ntinternals.net/
Under UserMode -->NTDLL-->NTObjects-->Section.
Good luck dude
GanDad
|
Thanks for this, another great site. This helps a lot. As my token of appreciation I'll add you to my Acknowledgement Page. This is the only way I can express my gratitude; I hope you appreciate it.
|
Dear Bryan,
I feel honored by your post, but what goes around comes around; that is the beauty of the software community, let's all share our knowledge.
Thanks again for your post. Happy coding, mate.
GanDad
|
Hello.
I'd like to know if it is possible to convert from a string with a color name to Color object so that I could write a name of a color and change a datagrid row color to the new one given by the written name.
Thank you.
|
static method Color.FromName(string) takes the name of a color and returns the corresponding Color object.
|
So I have an app that I've written that uses the old WebBrowser COM object (can't use the 2.0 framework yet). It works just fine on my PC (the PC I developed it on), however on the user's PC (and others), it doesn't work as anticipated. It appears that the reason for this is the event (NavigateComplete2) that I'm wanting to use as a trigger for something to happen never fires on the other PCs. I say this b/c in the event handler I put a simple MessageBox to say "navigate completed". That shows on my PC, and does the actions I want. But on the other PCs, it does not. Any thoughts or suggestions?
|
do the other machines have the same version of the shdocvw.dll & microsoft.mshtml.dll files?
Tech, life, family, faith: Give me a visit.
I'm currently blogging about: Little House on the Flickr
Judah Himango
-- modified at 13:45 Wednesday 4th January, 2006
|
It looks like I had a different version of the microsoft.mshtml.dll file. Thanks!
|
I have a form, with the border style set to Sizeable, and SizeGripStyle set to show. All works ok.
If I then dock a panel to the bottom of the form, my size grip is hidden!
If I change the DockPadding to, say, 2, I can see my size grip hiding behind the panel. Anyone got any ideas how to make the size grip display on top of the panel?
Thanks
Trev
|
I tried out a few things, here are some options:
Set the panel's BackColor to Transparent.
The code for drawing the grip says it is 10x10, so you could set the form's bottom padding to 11.
Add a StatusStrip to the bottom of the form.
|
I don't know if there is a good solution for you, but here is something you can try (a bit of a kluge, but oh well):
Drop a statusbar onto your panel, and blank out the text. The statusbar has a visible grip on it. Then, if you need the space at the bottom of the panel, where the statusbar is, you can undock the statusbar, and make it smaller, so all you are using is the grip.
Roy.
|
Hi to all,
I have to put a lot of controls in an MDI form.
How can I put a vertical scroll bar on the form?
Best regards and thanks in advance,
fady
|
I am listening through a socket but am unable to know when the client disconnects.
After disconnection when the client re-connect and send, the listener is not able to receive any message till it is restarted although at client end it is sending the message successfully.
|
If the Socket is Blocking, then any outstanding Recv() should fail with a return code of Zero (0).
If your Socket is Non-Blocking and you have Try/Catch blocks around your code, you will catch an error that you can use for detection.
If you are in some sort of loop, you can examine the Socket.Connected flag.
---------------
With that said, there are dozens of examples of TCP Server code on this site alone, so you may want to map your architecture to a more functional architecture.
Good Luck
Mike
|
I'm trying to change all text entries in a ComboBox to upper case. However, the first time I make a change to the text, the application does not register the changed text. The next time I make a change to the text, it works as specified. In other words, when the textchanged event is called, it converts the actual text to upper case letters.
Is there a reason for this and how do I circumvent this problem? Thanks.
|
My question to you is, do you want to convert everything to upper case after or during the user is entering text?
If after, listen for the Validated or Validating event, you can convert to upper then.
If during, listen for the KeyDown event and modify the text accordingly.
|
I am working on a form that will get hosted inside a COM app. For some of the stuff that I am trying to do (adding managed controls to the COM form, etc), it requires that I have an instance to the COM form that is hosting my form. I've tried Control.FromHandle but that seems to only work for Controls that have been created from the managed side of things (verified using Reflector). Does anyone have any other suggestions? I'd really appreciate any help I could get.