Computer Forums

Old 05-06-2005, 12:14 AM   #1 (permalink)
 
True Techie

Join Date: Feb 2005

Posts: 235

clever_j

keeping my program running?

Hi guys

I'm developing a station logger type of software..

got everything handled except for the software's own security..

been through soooo many issues and loopholes like:

preventing CTRL+ALT+DEL key
preventing end task on my process
preventing modification of start up entries
preventing user access to the task manager
etc
etc


and, IT ALL BOILS DOWN TO ONE SOLUTION...

Keep my program running.. coz if it's running I can constantly check for connections, registry modifications, etc etc.. but if the user finds a way to kill it I'm a sitting duck..

What's the BEST WAY to do this? Is there a kernel level way of checking for my app's process? Or something? When my app is exited it should be restarted?

I'm sure some programmers around here have experienced the need for this..

please advise oh knowledgeable ones..

tea
Old 05-06-2005, 12:52 AM   #2 (permalink)
 
Super Techie

Join Date: Mar 2005

Posts: 259

C.Ingram


You can attach a COM object to a COM-aware application (you can make some of them launch your program when they are run, in case it gets killed) and attach to certain running processes. Doing either and manipulating other processes isn't something I'll discuss, though.
__________________
Christopher Ingram
Principal Consultant, Souken Group, LLC.
C.Ingram@SoukenGroup.com
(856) 392 5244 -- (866) Go Souken
Old 05-06-2005, 01:50 AM   #3 (permalink)
 
True Techie

Join Date: Feb 2005

Posts: 235

clever_j


hmm.. I would like to ask more, but as you stated, it's a solution you wouldn't want to discuss.. lolz that's ok.

hmm.. any other way? how about a kernel level type of checker.. that checks for my app and makes sure it's active?
Old 05-06-2005, 03:13 AM   #4 (permalink)
 
Super Techie

Join Date: Mar 2005

Posts: 259

C.Ingram


Not without patching the kernel. You can modify drivers, DLLs, and programs on-disk or at run time. The former is easier to spot and fix. The latter means you have no guarantees.

Look up CreateRemoteThread.
__________________
Christopher Ingram
Principal Consultant, Souken Group, LLC.
C.Ingram@SoukenGroup.com
(856) 392 5244 -- (866) Go Souken
Old 05-07-2005, 12:10 AM   #5 (permalink)
 
True Techie

Join Date: Feb 2005

Posts: 235

clever_j


Have you ever used this software called PC Security? From Tropical Software?

It's really good at protecting its own process.. very tight security.. my quickest solution is to use my Station Locking software with PC Security...

but it would be great if I can tap into their means of "self protection".. I dunno.. what do ya'll think?

tea
Old 05-07-2005, 12:44 AM   #6 (permalink)
 
Super Techie

Join Date: Mar 2005

Posts: 259

C.Ingram


You can protect a process if it runs as a service on an NT branch box. At the very least you should be able to require an admin to start/stop it, preventing it from being killed by a user.

The most effective way I've seen is to load a virtual device driver in at boot.
__________________
Christopher Ingram
Principal Consultant, Souken Group, LLC.
C.Ingram@SoukenGroup.com
(856) 392 5244 -- (866) Go Souken
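
The admin-only stop requirement described in post #6 can be checked from the service's security descriptor. This is an added example, not part of the original thread: it parses the SDDL string that `sc sdshow <service>` prints and lists every non-admin trustee allowed to stop, reconfigure or re-ACL the service. The sample descriptors are constructed, and treating only SY and BA as admin trustees is an assumption.

```python
import re

# Rights that let a caller stop, reconfigure or re-ACL a service,
# keyed by the SDDL codes `sc sdshow` prints, with their access-mask bits.
RISKY = {
    "WP": (0x0020, "stop"),
    "DT": (0x0040, "pause/continue"),
    "DC": (0x0002, "change config"),
    "SD": (0x00010000, "delete"),
    "WD": (0x00040000, "write DACL"),
    "WO": (0x00080000, "write owner"),
    "GA": (0x10000000, "generic all"),
    "GX": (0x20000000, "generic execute (includes stop)"),
    "GW": (0x40000000, "generic write (includes change config)"),
}
# Assumption: only LocalSystem (SY) and BUILTIN\Administrators (BA) are trusted.
ADMIN_TRUSTEES = {"SY", "BA"}


def risky_rights(rights):
    """Names of risky rights in an ACE rights field (letter codes or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return {name for bit, name in RISKY.values() if mask & bit}
    return {RISKY[c][1] for c in re.findall("..", rights) if c in RISKY}


def non_admin_control(sddl):
    """Map each non-admin trustee to the risky rights its allow ACEs grant.
    Deny ACEs are ignored, so the result can over-report but not under-report."""
    findings = {}
    dacl = re.search(r"D:[^()]*((?:\([^)]*\))*)", sddl)  # stops before the S: part
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A" or fields[5] in ADMIN_TRUSTEES:
            continue
        hits = risky_rights(fields[2])
        if hits:
            findings.setdefault(fields[5], set()).update(hits)
    return {trustee: sorted(r) for trustee, r in findings.items()}


# Constructed samples: a stock-style descriptor, and one with extra ACEs added.
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
                "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
WEAK_SDDL = DEFAULT_SDDL.replace("S:(", "(A;;RPWPDT;;;AU)(A;;0x20;;;IU)S:(", 1)

if __name__ == "__main__":
    print(non_admin_control(DEFAULT_SDDL))
    print(non_admin_control(WEAK_SDDL))
```

An empty result means no trustee outside SY and BA holds a stop or modify right on the service; it says nothing about users who are themselves administrators.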