a tool to prevent a specific process from running
Results 1 to 8 of 8

Thread: a tool to prevent a specific process from running

  1. #1

    a tool to prevent a specific process from running

    Hi all, i have written a program in C which prevents the user specified process from running.
    This might come in handy if you don't want your kids to play a game or use the net.

    It is called Exekiller.

    it runs in the background from an unvisible window and is easy to use.

    Usage: Exekiller.exe <processname>
    Example: Exekiller.exe iexplore.exe --> this will prevent Internet Explorer from running.

    if you wish to kill this program (to use the blocked process again) you can kill it by pressing <CTRL>+<SHIFT>+<BACKSPACE>.

    i've released it under the GPL and it can be found at my site.


    i hope it may be useful


    greets


    Scorpius

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Lepricaun,
    This would be a cool app if us fathers could put it on are kids boxes and use it remotely.LOL
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Why not apply the appropriate permissions on a program to limit/prevent its use?

    What would happen if I use your program on iexplore.exe and then copy iexplore with a new name... iexplorer.exe

    Would I be able to run that program?

    I'm having trouble getting it to work at all..

    I copied exekiller.exe to a folder that I want to block an .exe. Say for instance wget.exe

    c:\wget\exekiller.exe wget.exe

    The window closes and I can see exekiller running in my processes.

    c:\wget\wget.exe still works fine...

    What am I doing wrong?

    BTW: XP Pro sp2
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Nice, lepricaun.

    An idea for a version 2 of your utility: create an .md5 of the .exe and compare (like an antivirus) with each .exe being loaded. you will get even phis' example.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  5. #5
    Why not apply the appropriate permissions on a program to limit/prevent its use?
    cause then you would need to login again if you wanted to use it.
    example: i wrote this program cause someone wanted to block Internet Explorer from his kids.
    (guess they use the same user account and therefore file permissions doesn't work).

    What would happen if I use your program on iexplore.exe and then copy iexplore with a new name... iexplorer.exe
    it looks at the processname running, so if you would rename your executable you would get passed it, but most people who are being blocked a specific program with this tool, won't expect that it is blocked by the name of the executable.

    I copied exekiller.exe to a folder that I want to block an .exe. Say for instance wget.exe

    c:\wget\exekiller.exe wget.exe

    The window closes and I can see exekiller running in my processes.

    c:\wget\wget.exe still works fine...

    What am I doing wrong?
    nothing at all, since when you are running wget.exe this process isn't listed in the taskmgr, but his parent process (cmd.exe) is, so therefore if you wanted this to be successful, you should run "Exekiller cmd.exe".
    b.t.w, it doesn't have to be in the same folder as the actual blocked process, since it looks at the running processes then see if the given process is running, and then kill it. this all happens about 5 times per second (if i'm not mistaken).

    An idea for a version 2 of your utility: create an .md5 of the .exe and compare (like an antivirus) with each .exe being loaded. you will get even phis' example.
    this is absolutely a good idea, but i would first have to find out how to implement md5 in it

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    ah, ok, I got it to work with your example (iexplore)

    If the user being blocked had any sense... they'd try to rename the file or see what processes are running. if I saw exekiller in my processes... I'd end task it. Maybe you should rename it to something that is not so obvious?

    This program would be a great example of "security by obscurity"?
    Might be a good way to trick the kids... but they'd eventually get around it if they were determined.
    There are too many ways to kill it, detect it and basically get around it.

    BTW: What does it matter if you have to logout and back in with the correct user account? IMO- Thats the way it should be. If they are *THAT* "lazy"... then they could right click and run as another user. (2k and above)

    Good idea though!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Senior Member
    Join Date
    Mar 2004
    Posts
    557

    Thumbs up

    Nice tool, and ingenious to do so!

    However, and sorry about that, I just realised a little side-effect (XP pro, SP1).

    I opened several (5) command shells. Within each command shell I started
    "Exekiller someexe.exe".

    Slowly, but steadily, the Exekiller filled up the memory, even when I killed
    all the cmd.exe-processes I previously opened. Does anyone observe the same?

    I checked the code but could not see anything "obvious".

  8. #8
    This program would be a great example of "security by obscurity"?
    Might be a good way to trick the kids... but they'd eventually get around it if they were determined.
    There are too many ways to kill it, detect it and basically get around it.
    like i said, a dad asked for a tool like this, since a friend of him has such a tool and he didn't know what it was called.
    so i wrote it. he only wanted to block iexplore.exe but i thought lets make it simple and let it be any program .

    I opened several (5) command shells. Within each command shell I started
    "Exekiller someexe.exe".

    Slowly, but steadily, the Exekiller filled up the memory, even when I killed
    all the cmd.exe-processes I previously opened. Does anyone observe the same?

    I checked the code but could not see anything "obvious".
    i see what you mean. and i think i know how it happens:

    since exekiller is started as a child process from the cmd.exe and hides the window, and then get killed, the window from cmd.exe still stays hidden and cmd.exe stays open.

    so here's how i solved it:

    if added
    Code:
    ShowWindow(stealth,1);
    before every possible exit from the program, this way when you press <CTRL>+<SHIFT>+<BACKSPACE> you get your command back again and can kill it with the exit command.

    i will upload the new zip file right away, so if you want you can download it again in about 5 minutes from now

    thanks for the comment sec_ware, i didn't noticed it myself before...
    well, the first bug is found and solved

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •