Solved

I need to make a real killer!

Posted on 2001-08-30
Last Modified: 2008-03-06
Hi!

I made an application which needs very high security.
Some users will not be able to print the reports from my app and we are studying about a program which disables <Print Screen>, and the clipboard as well.
Ok, this is fine, but not enough: What if someone downloads a screen capture utility like SnagIt!?
I thought about a routine in my program which monitors the loaded processes, and kills all the ones that are not allowed.
Can you point me to good resources about process monitoring? I would like to be able to terminate the processes as well. Some pieces of code would be greatly appreciated.
 
I need a real killer, and I thank you for your help.
0
Question by:ornicar
27 Comments
 
LVL 3

Expert Comment

by:jrspano
ID: 6442044
I'll have to think on your problem for a while to give you a good suggestion, but I can point out here that a procedure to monitor processes won't work.  You will never be able to handle every process.  You will first have to get/buy every screen capture program made and see what their process name is.  Second, new software comes out every day; you will be updating your program all the time.  Also, anyone who really wants your info from the program and knows VB could throw together a screen capture in a very short time.  You would have no control over this, because they could name the thing anything they want.
0
 
LVL 8

Expert Comment

by:DennisBorg
ID: 6442248
As far as the systems from which you want to deny printing capability, why cannot you simply configure the system so that they have no printer access, no floppy drives, no software except what you have installed on it, disable the Run dialog box, etc.

This would prevent users from being able to install unknown applications, and they can only use the tools which you provide. They also cannot use the floppy or CD drives, since they would not exist.

You can disable internet access, etc.

In a case like this, if they press PrintScreen, so what? They cannot paste it into anything nor save it.

There are several systems throughout the plant I work at which are configured just this way.


-Dennis Borg
0
 
LVL 4

Expert Comment

by:Gibble
ID: 6442361
ornicar,
Are you going to take their pens and paper away too, their digital cameras to take a snapshot of the screen and download it somewhere else?

If they can see it then there isn't a thing you can do to stop them from getting a copy one way or another.
0
 
LVL 9

Author Comment

by:ornicar
ID: 6442422
Jrspano, I don't plan to manage a list of all software, you are right, this is impossible. I just want to make a list of processes that are 'accepted'. If in the list of loaded processes there is one not on my list, the application will either try to kill it or quit with a message like 'Memory full, please close some applications'.

DennisBorg, the management plans to distribute the apps to people with regular pcs with floppies, internet access, etc. They know that there is always a possibility, but want to make it difficult. The employees, anyway, have been informed that any attempt to hack will be prosecuted by law. Of course, they could bring a camera and take a picture of the screen, or simply write down the info on a piece of paper. But this seems not to be a problem, since they are confident on their employees.

Ok, I still can say: 'This is impossible', but I feel there is not a lot to be done to make hacking difficult. Even a small difficulty will make the users realize they are doing something forbidden.

I am simply looking for code examples or directions on:

- Make a list of loaded processes.
- Kill processes.

Killing process is not mandatory, since I can make my program simply quit if there is a stranger in the house.

I appreciate your advice, thanks.
0
 
LVL 9

Author Comment

by:ornicar
ID: 6442447
Yeah, Gibble, I just read your post after sending my comment: I can tell the staff to stop business too! ;-)
0
 
LVL 4

Expert Comment

by:Gibble
ID: 6442455
The problem with this is when are you going to check if only acceptable programs are running.  I could just open my snaggit app up after you check and then grab the image.  You would have to be constantly polling for new apps which would slow your program and the system down.
0
 
LVL 9

Author Comment

by:ornicar
ID: 6442465
No, really, the people need the info to do their job, but they should not be able to transfer it 'as is'.
0
 
LVL 9

Author Comment

by:ornicar
ID: 6442488
I don't bother slowing down the system. It's a database application, and the response time is not a requirement.
If I list the processes every 2 seconds, do you think it will be so slow? The pcs are quite fast out there.
0
 
LVL 4

Expert Comment

by:Gibble
ID: 6442503
I guess that will depend on the system and how things are being polled and checked.  Trial and error will tell you what's best here.
Well I am going home for the day, I hope you find an answer
0
 
LVL 9

Author Comment

by:ornicar
ID: 6442534
Thanks, Gibble, have a nice evening. This question doesn't need a quick answer, I just try to figure out.

To all, I must say that the system is running on NT workstations.
0
 
LVL 3

Expert Comment

by:Koka
ID: 6442569
Just a humble idea: if you are using Win2K maybe you could create special account for your application and tune it so that no new programs can be installed under this user account while other user accounts are free to do anything, but have no execute permission on your app.
0
 
LVL 7

Expert Comment

by:Z_Beeblebrox
ID: 6442643
If you are in a corporate environment running NT, I don't see what the problem is. Just use windows security to prevent users from installing any software on their computers. This means that they cannot install any screen capture programs, and they cannot even write their own, because they can't install a compiler. You still need to disable the print screen and copy and all of that, but this avoids the need to poll for processes or anything like that.

Zaphod.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 6442739
Just a clue, see this excellent dll from Ark (an EE expert by himself):
http://www.freevbcode.com/ShowCode.Asp?ID=1308
0

 
LVL 4

Expert Comment

by:CareyJ
ID: 6443079
I saw a program once that had numerous textboxes with data.
A screen capture or print would take a snapshot of the form but all of the textboxes in the snapshot were blank.  Each textbox appeared to have a transparent textbox overlaying it.  There was a slight delay at lost_focus from one of the fields, almost as if you were typing into overlay textbox and then at lost_focus, it transferred its contents into the textbox underneath it and then cleared itself.

These textboxes may have actually been custom controls consisting of 2 textboxes.  

It made the program seem key-sluggish but the app's data-entry behavior was intriguing.
0
 
LVL 27

Expert Comment

by:Ark
ID: 6443393
Thanks, Richie :). My dll allows monitoring any window creation\activation. If you have a list of 'prohibited' captions, you can prevent these apps from starting.
About clipboard:

'======Bas module code========
Option Explicit

Public Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Declare Function ChangeClipboardChain Lib "user32" (ByVal hwnd As Long, ByVal hWndNext As Long) As Long
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Declare Function SetClipboardViewer Lib "user32" (ByVal hwnd As Long) As Long
Public Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Public Const WM_DESTROY = &H2
Public Const WM_DRAWCLIPBOARD = &H308
Public Const WM_CHANGECBCHAIN = &H30D
Public Const GWL_WNDPROC = (-4)

Public OldProc As Long, CBChain As Long

Public Function WndProc(ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
   Dim sText As String
    Select Case wMsg
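        Case WM_DRAWCLIPBOARD
            'Clipboard contents changed: report what was placed on it
            sText = "Clipboard clear"
            If Clipboard.GetFormat(vbCFText) Then
               sText = "Text added!"
               Form1.Text1.Text = Clipboard.GetText
            End If
            If Clipboard.GetFormat(vbCFBitmap) Then
               sText = "Picture added!"
               Form1.Picture1.Picture = Clipboard.GetData(vbCFBitmap)
            End If
            MsgBox sText
            'Pass the notification on to the next viewer in the chain, if there is one
            If CBChain <> 0 Then SendMessage CBChain, wMsg, wParam, ByVal lParam
        Case WM_CHANGECBCHAIN
            'A viewer is leaving the chain: relink if it was our successor, otherwise forward
            If wParam = CBChain Then
                CBChain = lParam
            ElseIf CBChain <> 0 Then
                SendMessage CBChain, wMsg, wParam, ByVal lParam
            End If
    End Select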
    WndProc = CallWindowProc(OldProc, hwnd, wMsg, wParam, lParam)
End Function

'=======Form code (form1)========
'Form1 has a multiline textbox and a picturebox

Option Explicit

Private Sub Command1_Click()
   Clipboard.Clear
End Sub

Private Sub Form_Load()
    Clipboard.Clear
    OldProc = SetWindowLong(hwnd, GWL_WNDPROC, AddressOf WndProc)
    CBChain = SetClipboardViewer(hwnd)
End Sub

Private Sub Form_Unload(Cancel As Integer)
    ChangeClipboardChain hwnd, CBChain
    SetWindowLong hwnd, GWL_WNDPROC, OldProc
End Sub


Cheers
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 6446069
Don't mention it! You deserve it.
0
 

Expert Comment

by:devendra_patil
ID: 6447269
Hi,
Since u need to terminate processes which are not required, u must first enumerate all running processes on ur system.
Try this link for enumerating processes,
http://www.thescarms.com/VBasic/RunningProcs.asp

To terminate process u must know the name of .exe file running. u can then by using string comparisons select the process to be terminated.
Using TerminateProcess is easy but can leak memory.
Other alternative is use AttachThreadInput to transfer Messages to thread to be terminated & send message WM_Quit to ur thread using GetCurrentThread. Be sure to divert the message back to ur thread using AttachThreadInput
Look at the link for AttachThreadInput
http://www.thescarms.com/VBasic/alttab.asp

Hope this solves...
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6447362
Hi!

Here's some code that might help you:

Download...
http://www.vb-helper.com/HowTo/killapp.zip
Description: Kill another application (3K)


Here's a similar one (in terms of the results) that I got from the web some time ago which is different from the above:

Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
'lParam is declared ByVal so that the literal 0& is passed as a value, not as a pointer
Private Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Const WM_CLOSE = &H10

Private Sub Form_Click()
    Dim winHwnd As Long
    Dim RetVal As Long

    'FindWindow needs the exact window caption; it returns 0 when there is no match
    winHwnd = FindWindow(vbNullString, "Cannot find server - Microsoft Internet Explorer")
    Debug.Print winHwnd
    If winHwnd <> 0 Then
        'Ask the window to close itself
        RetVal = PostMessage(winHwnd, WM_CLOSE, 0&, 0&)
        MsgBox "Hee..."
        If RetVal = 0 Then
            MsgBox "Error posting message."
        End If
    Else
        MsgBox "MSIE is not open."
    End If
End Sub

Here's some code that I got from the web to get all the list of running programs (it works very nicely together with the above code - not the link): (Requires a listbox, a command button)

Private Declare Function GetWindow Lib "user32" _
(ByVal hwnd As Long, ByVal wCmd As Long) As Long
Private Declare Function GetParent Lib "user32" _
(ByVal hwnd As Long) As Long
Private Declare Function GetWindowTextLength Lib _
"user32" Alias "GetWindowTextLengthA" (ByVal hwnd As Long) As Long
Private Declare Function GetWindowText Lib "user32" _
Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal _
lpString As String, ByVal cch As Long) As Long
Const GW_HWNDFIRST = 0
Const GW_HWNDNEXT = 2


Sub LoadTaskList()
    Dim CurrWnd As Long
    Dim Length As Long
    Dim TaskName As String
    Dim Parent As Long

    List1.Clear
    'Start at the first window in the Z-order and walk the list
    CurrWnd = GetWindow(Form1.hwnd, GW_HWNDFIRST)

    While CurrWnd <> 0
        Parent = GetParent(CurrWnd)
        'Read the window caption into a buffer sized for it
        Length = GetWindowTextLength(CurrWnd)
        TaskName = Space$(Length + 1)
        Length = GetWindowText(CurrWnd, TaskName, Length + 1)
        'Drop the trailing null terminator
        TaskName = Left$(TaskName, Len(TaskName) - 1)

        'List every captioned window except this form
        If Length > 0 Then
            If TaskName <> Me.Caption Then
                List1.AddItem TaskName
            End If
        End If
        CurrWnd = GetWindow(CurrWnd, GW_HWNDNEXT)
        DoEvents
    Wend
End Sub

Private Sub Command1_Click()
LoadTaskList
End Sub

This one shows all running tasks : )

Regarding the print screen problem, what you can do is to use a timer, set its interval to 100 to clear the clipboard or set the clipboard picture to that of a picture in your app : )

For example:

Private Sub Timer1_Timer()
Clipboard.SetData Picture1.Picture
'Or Clipboard.Clear
End Sub

Hope all this helps!

That's it!

glass cookie : )
0
 
LVL 9

Author Comment

by:ornicar
ID: 6464873
Glass_Cookie, Your killapp.zip link doesn't work.
Using Devendra's link, I made a process lister which works very fast.
There is still the killer. I am not used to the API; I know I have to pass a number to TerminateProcess(), but is it the result of the process lister? I have the process number, but nothing happens.
0
 
LVL 9

Author Comment

by:ornicar
ID: 6464881
BTW, I still have to try on NT. I tried it on 2000 using the NT lister. Does it make a difference? I guess so. Anyway.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6466484
Hi!

Have you tried the ones that I've posted in text form rather than those from the links?  They're different from the links.  Only the results (or the purpose) are the same.

That's it!

glass cookie : )
0
 
LVL 9

Author Comment

by:ornicar
ID: 6467760
Hi!

I think I would like to use your code partially, Glass_Cookie. I used the code from Devendra, and I get a process number with this:

'
' Get a handle to the Process.
'
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION _
        Or PROCESS_VM_READ, 0, ProcessIDs(i))
'

Now I need to give a window number to PostMessage(). Can I give hProcess directly? It doesn't seem to work. How do I get the window number from the process number? Is it the same?

The only result I got is Outlook closing with a crash message. I feel I'm missing something.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6468237
Hi!

If you want to use the PostMessage() function, you'll have to give the handle number to the function.

To get the handle number, you can use the FindWindow() function to check by stating what window's caption you're looking for.

For example, if you're looking for the hwnd of the calculator program, do something like this:

Dim winHwnd As Long
winHwnd = FindWindow(vbNullString, "Calculator")

If the window with the caption "Calculator" does not exist, a 0 will be returned.

To close the window/app, do this:

Dim RetVal As Long
RetVal = PostMessage(winHwnd, WM_CLOSE, 0&, 0&)

where RetVal will contain the result of the process/command.  If the execution of the close command failed (e.g. proggy nonexistent), a 0 will be returned.

That's it!

glass cookie : )
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6468246
Sorry... haven't really played around with hProcess before.
0
 

Expert Comment

by:devendra_patil
ID: 6481478
Hi,
If u tried using terminate process but ur process does not terminate then ur problem might be http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q270117


Terminate Process can be used as
HProc = OpenProcess(Pid, access rights...)
TerminateProcess(Hproc, 0&)

If u didn't get this i'll try sending detailed code for this...
0
 

Accepted Solution

by:
devendra_patil earned 200 total points
ID: 6484440
Hi,
     Sorry, the parameters in above comment were shown wrongly, instead u can best find them in,
www.blackbeltvb.com/free/shellter.htm

This app first starts notepad using shell, and terminates it after some time, but in this case it uses TaskID returned by Shell(), which u won't be having..

But, u can use ProcessID instead & it works same...

Comment whether this solves it or not.....

Also, note that FindWindow() [mentioned by glass_Cookie], doesn't use string comparison operators and wildcard chars eg: like, *, ?..

So, u need to pass exact Caption with proper case, spaces etc..
0
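An added example, not code from any poster in this thread: it addresses the two sticking points above, that a process handle is not a window handle, and that a handle opened with only PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ lacks the PROCESS_TERMINATE right that TerminateProcess requires. The names StopProcess, CloseWindowsOfPid and graceMs are hypothetical; the code goes in a standard .bas module because AddressOf needs one.

```vb
Option Explicit

Private Declare Function EnumWindows Lib "user32" (ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Const PROCESS_TERMINATE As Long = &H1
Private Const SYNCHRONIZE As Long = &H100000
Private Const WM_CLOSE As Long = &H10
Private Const WAIT_OBJECT_0 As Long = 0

' EnumWindows callback (hypothetical name). lParam carries the target
' process ID; every top-level window owned by that process gets WM_CLOSE.
Public Function CloseWindowsOfPid(ByVal hwnd As Long, ByVal lParam As Long) As Long
    Dim pid As Long
    GetWindowThreadProcessId hwnd, pid
    If pid = lParam Then PostMessage hwnd, WM_CLOSE, 0&, 0&
    CloseWindowsOfPid = 1   ' non-zero: keep enumerating
End Function

' Ask the process to close, wait graceMs milliseconds, then terminate it.
' Returns True when the process has exited or was terminated.
Public Function StopProcess(ByVal pid As Long, ByVal graceMs As Long) As Boolean
    Dim hProc As Long

    ' SYNCHRONIZE lets us wait on the handle, PROCESS_TERMINATE lets us end it.
    hProc = OpenProcess(SYNCHRONIZE Or PROCESS_TERMINATE, 0&, pid)
    If hProc = 0 Then Exit Function   ' no such PID, or access denied

    ' Polite request first: WM_CLOSE to each window the process owns.
    EnumWindows AddressOf CloseWindowsOfPid, pid

    If WaitForSingleObject(hProc, graceMs) = WAIT_OBJECT_0 Then
        StopProcess = True            ' exited on its own
    Else
        StopProcess = (TerminateProcess(hProc, 0&) <> 0)
    End If

    CloseHandle hProc                 ' always release the handle
End Function
```

Call it with a process ID from the process lister, for example `StopProcess ProcessIDs(i), 2000`; a False result usually means the caller's account is not allowed to open the target process.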
 
LVL 9

Author Comment

by:ornicar
ID: 6491464
I think that's it, Dev. With all your examples I can make a program that works on any Windows version. Still the TerminateProcess() is not ok, but it's my fault: I used the NT lister routine on a 2000 pc.

Many thanks to all, specially to glass_cookie: I have 100 points for you.
0
