Solved

How can I create a Terminate and Stay Resident (TSR) program?

Posted on 2002-07-22
Last Modified: 2011-09-20
I am working on a security project. I need to create a TSR program that resides in memory and stays in it. Please help.
Regards
Question by:MohdAsalah
14 Comments
 
LVL 22

Accepted Solution

by:
ambience earned 100 total points
ID: 7168978
What OS, Windows?
TSRs are not possible in Windows, plus even if it's possible to keep a program in memory, how are you going to hook the interrupts? (No more DOS, no more real mode!!)

If you can post what exactly you want to achieve by doing that, maybe someone can post an alternative or a Windows-specific way of achieving that.

If you want to hook ordinary keyboard/mouse events then you can use the Windows hook mechanism. All you need to do is write a simple DLL which gets called by the system whenever there is any event of importance to the DLL. So in effect a TSR, maybe.

Please elaborate ..
0
 

Author Comment

by:MohdAsalah
ID: 7168996
Actually, I want my program to be launched and working as long as the machine is starting up, and not to permit any user to terminate it unless he has a password or something like that.
0
 
LVL 3

Expert Comment

by:jimbucci
ID: 7169017
What is your OS?
0
 
LVL 22

Expert Comment

by:ambience
ID: 7169035
If that is Windows, maybe you need services; if it's Linux, I guess daemons.

What is the intended OS?
0
 

Author Comment

by:MohdAsalah
ID: 7169089
Windows XP and ME
0
 
LVL 3

Expert Comment

by:jimbucci
ID: 7169107
XP would be simpler than ME since ME is like DOS with a nice GUI.  

In XP you could create a service which is started at system boot.  Only the system admin would be able to stop it.

In ME you can create an app that doesn't display in the task list.  Since there is no system admin, anyone could stop it, but it would take a bit longer.

Jim
0
 

Author Comment

by:MohdAsalah
ID: 7169153
For jimbucci: How can I create an app that does not appear in the task list or Task Manager?

For all: Can I create a driver? Is it better than services?
0
 
LVL 22

Expert Comment

by:ambience
ID: 7170931
A driver, what for? Why would you go for a driver when you can easily get away with writing a service?

A service is just right for what you want to do. Even if there is no user logged onto the system, the service will keep running in the background. It won't appear in the task list, but will appear in Task Manager; however, not just any user will be able to kill or stop it.

A service can also interact with the desktop and display windows and dialogs when required.

To create a normal app that doesn't appear in Task Manager is not possible easily; however, applications can be made which do not appear in the task list. There are two ways to do it:

1) Create a hidden window and make it the parent of your application's main window; doing this removes it from the task list.

2) If the main window has WS_EX_TOOLWINDOW, it doesn't appear in the task list.

Hope this helps.
0
 

Author Comment

by:MohdAsalah
ID: 7174412
Is it possible for a service to be killed or stopped by a specific user? I mean not a Windows login user, but a user for whom my service can declare a password.
0
 

Author Comment

by:MohdAsalah
ID: 7174457
Even if I make my program a service, the user can still open Task Manager and kill the process!!!
My goal with this question is to find a way that the user cannot kill the program.
0
 
LVL 1

Expert Comment

by:ris
ID: 7174880
I don't believe that security on personal computers, especially running any version of Windows, is good enough that you could ever possibly create any application that can't be killed by the user if the user tries hard enough.  Ultimately, the system administrator (at the very least) and any other users with equivalent privileges on the machine will be able to kill your process in some way no matter how you architect it.

However, if you create a service, that will be as close as you can get to what you want.  At least then, only a system administrator can terminate the service (assuming that the system administrator set up the machine to restrict management of services).  There's a service manager in Windows XP.  You should examine it to see a little more about how services work.  Read in the MSDN for info on the architecture of a service, which I assume is a DLL that exposes a certain set of functions and maybe has a different file name, but I don't know for sure because I've never actually written one.

There is really no reason why your application should be harder to kill than that.  Users have a right to control the processes running on their machines.  If your application cannot be terminated under any circumstances, then it has crossed the line from useful application to annoying virus.

Ultimately, what you have described is by definition a service, so you should take advantage of the features provided for services through the Windows OS, and write your program as a service.
0
 
LVL 22

Expert Comment

by:ambience
ID: 7176231
>> the user can be able to open task manager and kill proccess!!!.

As I said earlier and as ris has mentioned, not every user can kill or stop a service. BTW, even if you write a driver or something else, there is no way to ensure that it always, always runs; some user with enough rights and enough information can disable your driver.

Only administrators (so to say) have the rights to stop or disable a service, and if the administrator feels like doing so there is supposed to be a good reason behind that except just killing the process.
0
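Whether "only administrators can stop the service", as the comments above put it, depends on the service's access-control list. As an added example (not part of the thread), this Python sketch parses the SDDL string printed by `sc sdshow <service>` and lists non-admin principals that hold stop or reconfigure rights; both sample strings are constructed, and the function names are illustrative.

```python
import re

# SDDL two-letter right codes as they apply to service objects.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Rights that let a principal stop the service or change how it runs.
SENSITIVE = {"STOP", "CHANGE_CONFIG", "DELETE", "WRITE_DAC", "WRITE_OWNER"}
# SID aliases expected to control services: LocalSystem, built-in Administrators.
ADMIN_SIDS = {"SY", "BA"}

def parse_dacl(sddl):
    """Return [(ace_type, sid, rights)] for the D: section of an SDDL string."""
    m = re.search(r"D:([^()]*)((?:\([^)]*\))*)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(2)):
        fields = body.split(";")
        if len(fields) < 6:
            continue  # malformed ACE
        ace_type, rights, sid = fields[0], fields[2], fields[5]
        # Symbolic rights only; hex access masks are not decoded here.
        codes = re.findall(r"[A-Z]{2}", rights)
        aces.append((ace_type, sid, {SERVICE_RIGHTS.get(c, c) for c in codes}))
    return aces

def risky_grants(sddl):
    """Map each non-admin SID to the sensitive rights its allow ACEs grant."""
    findings = {}
    for ace_type, sid, rights in parse_dacl(sddl):
        hit = rights & SENSITIVE
        if ace_type == "A" and sid not in ADMIN_SIDS and hit:
            findings.setdefault(sid, set()).update(hit)
    return findings

# Constructed samples: a restrictive DACL, and one that lets AU stop/reconfigure.
DEFAULT_LIKE = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
    "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
    "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
)
WEAK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCDCLCSWRPWPLOCRRC;;;AU)")

if __name__ == "__main__":
    print(risky_grants(DEFAULT_LIKE), risky_grants(WEAK))
```

The DACL governs requests made through the service control manager; it does not change what an administrator can do to the process itself.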
 
LVL 11

Expert Comment

by:griessh
ID: 7378386
Dear MohdAsalah

I think you forgot this question. I will ask Community Support to close it unless you finalize it within 7 days. You can always request to keep this question open. But remember, experts can only help you if you provide feedback to their questions.
Unless there is objection or further activity,  I will suggest to accept

     "ambience"

comment(s) as an answer.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
======
Werner
0
 
LVL 6

Expert Comment

by:Mindphaser
ID: 7420009
Force accepted

** Mindphaser - Community Support Moderator **
0
