Process Protection Class (VB.NET/C#)

Hi everybody today I had a little problem with a project I’m currently working on, I didn’t want the user to be able to kill my application process.
So I thought of using ThreadTokes but then I found a more interesting API called NtSetInformationProcess (Yes native API rock) so after reading a while and a thew BSOD’s I made this little class that does exactly what what I wanted xD okay a little explanation on what my class does;

Whenever someone kills the application process it will recreate itself and start the process, this is used by a lot of Windows Native tools also AV use this method. I’m looking forward to go a little deeper this week and try to set the Process Priority to the System Level, okay enough said.

Heres the class For  VB.NET and C#

VB.NET

http://pastebin.com/ap4Map0T

C#

http://pastebin.com/Lkkse2bL

I’m pleased for any kind of suggestion or feedback xD.
P.s. the code ain’t as sexy as it could have been it’s 3:17 AM over here, and I’m kind of tired and out of sugar xD.

Code for Fun and No Profit.

Advertisements

10 thoughts on “Process Protection Class (VB.NET/C#)

  1. How do i start protection? :S

  2. Well you call the subroutine Start() 😀

    • Admin :
      Well you call the subroutine Start()

      I tried that, my start up form is called frmLogin so i have this

      Private Sub frmLogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
      clsProcessProtect.Start()
      NotifyIcon.Visible = False
      End Sub

      but i get this error
      Error 3 Reference to a non-shared member requires an object reference. \Visual Studio 2010\Projects\ProgLock\ProgLock\frmLogin.vb 4 9 AppLocker

      what have i missed?

  3. got a bit further

    Dim protect As clsProcessProtect = New clsProcessProtect
    Private Sub frmLogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    protect.Start()
    NotifyIcon.Visible = False
    End Sub

    but opening task manager and going processes > AppLocker > End Task, kills the program.

  4. Hi Admin, to start thx v much for this wenderfll site..
    Such an interesting subject, im working on a controle parentale project .. i suceed capturing url from IE and block porn site by killing the program if necessary, ur module helped me, but i dont want to crash the system if the user kill the process, cz that not a virus.. can u change the code so i have a message box showing Acess is denied.
    I have 18 years old, im muslim, i did creat a muslim prayer time reminder when i was have 12 and a quran screen saver at 13 and a college manager for algeria schools in excel at 13 and in vb.net at 15, all my application are free, and are in fr/en/ar. to be onest i havent get any help here in my counrty, they alwase say “lets this for real programers” im still studing to pass to the university …
    the point is: that means alot to me if u understand, so i want to creat a controle parentale project so it block dirty site for shildren.. and i will publish this times all this softwares at once for algeria schools, so pls help me if u want, and i wil credit u for sure..

    i havent find a way to capture url from other browser like firefox, the only way for now is killing firefox process if it’s detect word’s like “porn”, “sex” in the main window title.. if u know a better way to caoture link without killing the process, like Anti-Porn software, i will be very glad,
    Thx for reading all this text.. and this is the first time i ask for help in forums..

  5. Well, I will post in the near future a new piece of code that will do that, for now I would suggest you to read about Hooking and Sub classing to achieve what you want. But read a lot before starting, http://shop.oreilly.com/product/9780596001186.do this is a good ebook that explains hooking and subclassing but it’s in vb6. Cheers

  6. I used to just name my exe file like system protected files, for ex: csrss.exe that lil trick worked fine :). Congratulations and keep it going!

  7. Well I didn’t knew about that, that’s a big vulnerability in windows, if it’s still accurate. Will check it and thanks for the post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s