Windows Thread, Blocking Flash Games Software restriction Policies... Hash in Technical; Originally Posted by tom_newton
Dirty, but you could shell out to pskill?
The problem isnt killing a process, its finding ...
8th May 2009, 10:14 AM #76
The problem isnt killing a process, its finding out which process has the file locked.
Originally Posted by tom_newton
8th May 2009, 02:45 PM #77
When I was browsing through the FileSystemWatcher library I never found anything that might signify OnAccess. How wrong I was, I apologise for the unintentional misdirection
However surely if the file is a registered game in the hashlist. One could also save the deletion until the resource becomes available to do so? With the previous release of your programme, we tested out a few logging ideas. Such as recording every instance a SWF file was loaded. Builds up a nice history to show to their form tutors.
What I have done to those I have caught via a remote session, is change the SWF file permissions to deny total access for students. As soon as they load the SWF again, the SAFlashPlayer just stays white and never loads.
I can't thank you enough peterp for giving a few of us hope, the battle might soon be over! Well until the next bright spark comes along...
11th May 2009, 08:50 AM #78
Yes, the onaccess is really to do with a property change (last access time changing). This is triggered when the file is opened (and thus locked) and when the file is closed (and then, yes, you can delete it or change its permission or otherwise mess with it)
Ideally I want to stop them playing it in the 1st place, else they just bring in a load, and play each of them once. Or copy them back from laptop /memory sick/mp3 players etc.
But the more I look into the problem of unlocking a file, the more it looks like it will beat me.
11th May 2009, 11:00 AM #79
Have you a URL to the software?
Originally Posted by Nikthomas
I know of Securus the company who do E-Safety software but this monitors and does not actually block.
11th May 2009, 11:44 AM #80
I can't see why it can't be done peterp.
Are you able to post a snippit of your code? One of us might come up with something ingenius!
11th May 2009, 01:39 PM #81
Well, this is a bit like exposing myself, but here is a section of (badly written, badly commented code)
There are a couple of global variables used, and much of the code is commented out as it was put in for debugging purposes.
The actual deletion routine is currently commented out too.
The code will (with the correct test harness) scan any opened file for a specific string (which in this case identifies the presence of embedded swf in .xls files.)
The one that does MD5 hashing is very similar.
Private Sub FileSystemWatcher2_Changed(ByVal sender As System.Object, ByVal e As System.IO.FileSystemEventArgs) Handles FileSystemWatcher2.Changed
ListBox1.Items.Add(e.FullPath & " : " & e.Name & " : " & e.ChangeType.ToString)
If (e.FullPath.Equals(last)) Then
'ListBox1.Items.Add("Ignoring that one")
If doRead(e.FullPath) Then
'ListBox1.Items.Add("Deleteing " & e.FullPath)
'1st time this event is caught, the file has just been opened, and is thus locked
'the 2nd time the file is closed and can be deleted.
'Given the variable e.fullpath I need to find the handle of the process that has it locked.
If (last.Equals("error")) Then
last = "none"
last = String.Copy(e.FullPath)
Catch ex As Exception
Private Function doRead(ByVal fn As String) As Boolean
Dim c As Byte
Dim ca(50) As Byte
Dim st As String = ":"
Dim fsReadable As Boolean = True
Dim found As Boolean = False
Dim oFile As System.IO.FileInfo
oFile = New System.IO.FileInfo(fn)
Dim fs As System.IO.FileStream = oFile.OpenRead()
c = fs.ReadByte
Catch ex As Exception
c = 46
fsReadable = False
If c = -1 Then
fsReadable = False
If c < 32 Or c > 126 Then
c = 46
st = enqueueChar(c)
If st.ToLower.Contains("\.f.l.a.s.h...o.c.x") Then
found = True
st = Nothing
fs = Nothing
Private Function enqueueChar(ByVal c As Byte) As String
Dim st As String = ""
Dim squeue(50) As Byte
Dim count As Integer = 0
queue(qe) = c
qe = qe + 1
qs = qs + 1
If qe > 49 Then
qe = 0
If qs > 49 Then
qs = 0
While Not qe = qs
squeue(count) = queue(qs)
count = count + 1
qs = qs + 1
If qs > 49 Then
qs = 0
count = 0
qs = qs + 1
st = Encoding.UTF8.GetString(squeue)
11th May 2009, 02:46 PM #82
What about if you take the application being used, as assumed.
For example, if the file type being opened has the extension .swf and/or the mimetype application/x-shockwave-flash.
Then closing SAFlashPlayer and/or any other media process as a given. This would then release the resource for you to delete?
11th May 2009, 03:24 PM #83
Works to an extent with certain files. If they open a .xls spreadsheet then the only program they have that will open this is Excel, so I could close down all instances of excel (and if they loose work they had open in another window, thats a lesson that they shouldnt be playing games)
The .swf files themselves are slightly more tricky, in that they can do 'open with' and open them in a variety of programs that understand flash. (flash, flashplayer, media player classic and Internet Explorer are the ones I've caught them using.)
I had wanted a more generic approach so that one method could deal with multiple methods of gaming, or opening otherwise banned files. (we cant restrict them all, as various courses have them developing flash).
I think you are right though, without much more expertise than I have to delve into using ntdll.dll then I will have to settle for working out the filetype to default program. Or even be completely evil and close all processes that I identify as being able to play games without worrying which one was the process playing the game.
11th May 2009, 03:32 PM #84
Well, when I see them playing games through Internet Explorer, I close the whole instance.
They should not be playing games, and as such if there was any work on the other tabs, then hard luck.
As long as the programme doesn't make any false positives, it's well within acceptable policy control to shut down the whole lot. I know of one school that shuts down the computer if they're caught.
With regards to opening up SWF in other files, surely group policy already prohibits running and installing new programmes. The only programmes that need to be closed are those already installed.
Maybe a KILL list is needed for customisation, like your last build.
11th May 2009, 03:41 PM #85
Yes, they cannot install new programs, but .swf can currently run in ...
Embedded in excel worksheets (we cannot disable vba or macros as these are needed by some of our courses)
Internet Explorer (easiest to kill, thats the purpose of gamekiller2, which is doing a great job here)
Media Player Classic (installed as part of a codec pack and used by some media students)
Flash cs3 (used by computing students)
I think the approach will have to be the evil one :-
On detection of ANY game file being opened, close down ALL instances of these programs to ensure the file is deleteable.
So, if the student has some research open in IE, his large flash project open in Flash, and then decides to open a game, he's going to loose all his sessions work too. Oh well. :-)
I can live with that, I think most of the teachers can too, will have to clear it with the SLT though.
I had wanted the elegant solution of being able to determine which process I should kill, but oh well :-)
ok, will start work in coding the new version in earnest in the next week or so (although I'm off on summer holiday end of the month). I aim to get it up and running in some form by the end of summer break, ready for the new intake!
Thanks for all the suggestions and help.
11th May 2009, 04:03 PM #86
It's all for the common cause!
Hopefully your release, plus a few more additions I'd like to make with logging (if you release the source that is!) should hit at the heart of the problem.
However a quick note about Externally hosted games. There are obviously thousands, even tens of thousands out there, and a blacklist against them would be folly as we could see that list expand to an unmanageable size. I still recommend using a firewall such as ISA, and then block SWF and the SWF MIME type, then use a whitelist to allow tutor requested sites.
14th May 2009, 12:43 PM #87
Sorry to bring up an on going thread, but, i have just looked at our student GPO and tested it to see if everything is still working ok, and there seems to be a problem with the software restriction policy.
We have a list of file extensions that we block and one of them is SWF. For some reason (on a test GPO) the software restriction is blocking the exe and MDB but i have added SWF, TXT, DOC and PPT and nothing is happening. The extensions still open as usual. There is nothing configured in the GPO apart from the software restictions.
Can anyone help.
22nd May 2009, 01:37 PM #88
try moving the policy higher in the list and then do gpupdate /force
2nd June 2009, 11:25 AM #89
I've found this out today as well, it manages to block .exe's and other files properly but when you tell it to block .swf it does nothing. Whist it really is just a classroom control issue it'd be nice if I could stop it still.
Originally Posted by timbo343
2nd June 2009, 10:34 PM #90
I've been led to believe, by RM, that SR doesn't block the .swf even if explicitly specified.
Thus using GameKiller2.
Thanks to NeoPlosive from:
DrCheese (11th June 2009)
By link470 in forum Wireless Networks
Last Post: 9th July 2010, 04:29 PM
By ChrisH in forum How do you do....it?
Last Post: 28th January 2010, 09:40 AM
Last Post: 20th April 2007, 06:38 PM
By wesleyw in forum Windows
Last Post: 12th December 2006, 11:35 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)