Security Based Project Idea (Coding and Web Development forum), page 2 of 2, posts 16 to 18
  1. #16

    Re: Security Based Project Idea

    Unfortunately, you do have to pay to access Expert's Exchange (unless there really is a free subscription hidden deep in the bowels of the site...).

  2. #17

    mac_shinobi

    Re: Security Based Project Idea

    OK, I did a copy and paste; if you want, I can just save the page, zip it and upload it here if that's any better?

    '---------------------------------

    Title: Determine if running processes are valid or not ?
    asked by gecko_au2003 on 01/17/2006 09:08PM GMT
    This question is worth 500 Points


    What is the best way of listing all currently running processes and looping through each process to determine if it is a valid process or not, i.e. not a virus, trojan or malware etc.?

    As per here :

    http://edugeek.net/index.php?name=Fo...&p=14754#14754



    Comment from cookre
    Date: 01/17/2006 09:52PM GMT

    It's really not all that difficult, at least, what was described in the link.

    It's fairly simple to enumerate processes and identify their original filenames for comparison against a white-list. Indeed, that's one feature of a package I'm currently developing, with the addition of optional version checking.

    Now, identifying WHAT the rejected program is is a completely different problem.

    Comment from gecko_au2003
    Date: 01/17/2006 09:56PM GMT

    Surely using file names isn't a good way of doing it; isn't there a digital signature or something that would be more foolproof?

    Also, any chance of getting a finished app with source code, cookre? (long shot, I know, lol)

    Comment from gecko_au2003
    Date: 01/17/2006 10:09PM GMT

    Had a better idea

    Post it on that thread in that forum (which I am a part of), if that is ok with you, and that way you will get credit from all of them.

    Must admit it would be nice to get a reference from you to say that I pointed ya there, lol, he he, but as always, cookre, all the help is VERY much appreciated!!

    Thanks a bunch !!

    Comment from cookre
    Date: 01/17/2006 11:00PM GMT

    That gets into the area of efficacy versus usability. Once you step beyond just a filename (with full path), maintenance becomes a bit of a pain. Just imagine all the hassles when upgrading a popular app.

    Also, consider the sequence of events after an OS service pack is applied. Upon reboot, many upgraded dlls have to be allowed even before anyone can logon.

    It'll be a day or two before I post it - I want to sanitize it first. Also, I'll post it here, and you can provide the folks there a link.

    Comment from gecko_au2003
    Date: 01/17/2006 11:04PM GMT

    ok, thanks cookre (I will obviously give you full credit), since you are definitely due the credit!!

    Comment from cookre
    Date: 01/18/2006 02:00AM GMT

    Well, in .NET it's rather anti-climactic:

    using System;
    using System.Diagnostics;
    using System.Windows.Forms;

    Process[] p = Process.GetProcesses();
    for (int i = 0; i < p.Length; i++)
    {
        // MainModule is the process image; FileName gives its full path
        try { MessageBox.Show(p[i].MainModule.FileName); }
        catch (Exception) { }   // access denied for some system processes
    }

    The try/catch is there since some system process modules can't be enumerated.

    This can be taken a step farther by using p[i].Modules to enumerate all loads made by the process.


    Comment from cookre
    Date: 01/18/2006 02:10AM GMT

    Since MS has taken a lot of pizazz out of coding with .NET, we offer the old-fashioned API call approach:

    #include <windows.h>
    #include <psapi.h>
    #include <stdio.h>

    #pragma comment(lib, "psapi.lib")   /* EnumProcesses and friends on older SDKs */

    #define ExcessiveValue 4096          /* upper bound on PIDs / modules listed */

    DWORD   ProcList[ExcessiveValue];    /* PIDs filled in by EnumProcesses */
    HMODULE hMods[ExcessiveValue];       /* module handles of one process */

    DWORD  Needed;                       /* bytes written by the Enum* calls */
    DWORD  NumProc;
    HANDLE hProc;
    DWORD  i, j;
    char   ModName[MAX_PATH];

    int main(int argc, char* argv[])
    {
        /* Snapshot of all PIDs; Needed reports how many bytes were used. */
        if (!EnumProcesses(ProcList, ExcessiveValue * sizeof(DWORD), &Needed))
        {
            printf("EnumProcesses failure %lu\n", GetLastError());
            return 1;
        }
        NumProc = Needed / sizeof(DWORD);
        for (i = 0; i < NumProc; i++)
        {
            /* Read-only rights suffice to list modules; processes we are
               not allowed to open (system ones) are simply skipped. */
            hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, ProcList[i]);
            if (hProc == NULL) continue;
            printf("PID: %lu\n", ProcList[i]);
            /* First module is the executable itself, the rest are loaded DLLs. */
            if (EnumProcessModules(hProc, hMods, sizeof(hMods), &Needed))
            {
                for (j = 0; j < (Needed / sizeof(HMODULE)); j++)
                {
                    /* ANSI variant explicitly, since ModName is a char buffer */
                    if (GetModuleFileNameExA(hProc, hMods[j], ModName, sizeof(ModName)))
                    {
                        printf("  %s\n", ModName);
                    }
                }
            }
            CloseHandle(hProc);
        }
        return 0;
    }



    Being a lazy SOB, I'll take c#.

    '------------------------

    Hope that helps
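    The quoted thread leaves one question open: gecko_au2003 asks whether a digital signature would beat a filename comparison, and cookre answers that anything beyond a full path makes maintenance painful. The block below is an added example for this thread, not cookre's package and not code from the Experts Exchange answers. It shows why a filename-only allow-list is weak (a renamed binary passes) and how a hash-based allow-list keeps upgrades manageable by listing several known-good digests per image name. The process list is a constructed sample of (pid, image_path) pairs standing in for what Process.GetProcesses() or EnumProcesses() would return; the allow-list layout and the function names are this example's own assumptions.

```python
"""Allow-list check for running processes: file name versus content hash.

Added example, not code from the thread. The process list is a constructed
sample; on Windows the (pid, image_path) pairs would come from
Process.GetProcesses() or EnumProcesses() as shown in the thread.
"""
import hashlib
import os
import tempfile
from typing import Dict, List, Set, Tuple

# Allow-list: lower-cased image file name -> SHA-256 digests of known-good
# builds. Keeping several digests per name is how an upgrade is handled:
# add the new build's hash, keep the old one until the rollout is done,
# then retire it. (Assumed layout for this example.)
AllowList = Dict[str, Set[str]]


def sha256_of_file(path: str) -> str:
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_by_name(image_path: str, allow: AllowList) -> str:
    """The filename-only approach from the thread: accepts anything with a known name."""
    name = os.path.basename(image_path).lower()
    return "allowed" if name in allow else "unknown-name"


def classify_by_hash(image_path: str, allow: AllowList) -> str:
    """Name must be known AND the file content must match a known-good build.

    Returns 'allowed', 'name-ok-hash-mismatch', 'unknown-name' or 'unreadable'.
    """
    name = os.path.basename(image_path).lower()
    if name not in allow:
        return "unknown-name"
    try:
        digest = sha256_of_file(image_path)
    except OSError:
        # Same situation as the try/catch in the C# snippet: some images
        # cannot be opened, and that is worth flagging rather than ignoring.
        return "unreadable"
    return "allowed" if digest in allow[name] else "name-ok-hash-mismatch"


def check_all(processes: List[Tuple[int, str]], allow: AllowList) -> Dict[int, Dict[str, str]]:
    """Verdict of both strategies for every (pid, image_path) pair."""
    return {
        pid: {"by_name": classify_by_name(path, allow),
              "by_hash": classify_by_hash(path, allow)}
        for pid, path in processes
    }


def build_demo() -> Tuple[List[Tuple[int, str]], AllowList]:
    """Constructed scenario: a genuine tool, a renamed impostor, a stranger,
    and an allow-listed name whose file cannot be read."""
    d = tempfile.mkdtemp()
    genuine = os.path.join(d, "notepad.exe")
    with open(genuine, "wb") as f:
        f.write(b"GENUINE NOTEPAD BUILD 1\n")          # constructed content
    impostor = os.path.join(d, "other", "notepad.exe")  # same name, other content
    os.makedirs(os.path.dirname(impostor))
    with open(impostor, "wb") as f:
        f.write(b"SOMETHING ELSE ENTIRELY\n")
    stranger = os.path.join(d, "xyz.exe")
    with open(stranger, "wb") as f:
        f.write(b"not on any list\n")
    unreadable = os.path.join(d, "missing", "notepad.exe")  # never created

    allow: AllowList = {"notepad.exe": {sha256_of_file(genuine)}}
    processes = [(100, genuine), (200, impostor), (300, stranger), (400, unreadable)]
    return processes, allow


if __name__ == "__main__":
    procs, allow = build_demo()
    for pid, verdict in check_all(procs, allow).items():
        print(pid, verdict)
```

    The interesting row is PID 200: the filename check says "allowed" while the hash check says "name-ok-hash-mismatch", which is exactly the gap gecko_au2003 was worried about. Verifying the image's Authenticode signature instead of its hash would survive upgrades without touching the list at all, but that needs the Windows signature APIs rather than the standard library.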

  3. #18

    mac_shinobi

    Re: Security Based Project Idea

    With regard to free registration for Experts Exchange, go here:

    http://www.experts-exchange.com/registerFree2.jsp
