tags:

views:

414

answers:

10

Okay I've spent the afternoon researching and haven't had much luck finding the answer to this. I am trying to prevent an application from launching via some sort of dll or background application. It is to be used in monitoring application usage and licenses at my institution. I have found leads here regarding WqlEventQuery and also FileSystemWatcher. Neither of these solutions appear to work for me because:

With WqlEventQuery I was only able to handle an event after the process was created. Using notepad as a test, notepad was visible and accessible to me before my logic closed it. I attempted to Suspend/Resume the thread (I know this is unsafe but I was testing/playing) but this just hung the window until my logic finished.

With FileSystemWatcher I was not able to get any events from launching a .exe, only creating, renaming and deleting files.

The goal here is to not let the application launch at all unless my logic allows it to launch. Is this possible? The next best solution I came up with was forcing some type of modal dialog which does not allow the user to interact with anything, once the dialog is closed the application is killed. My concern here is killing the application nicely and handling applications with high overhead when they load such as Photoshop or something. This would also interfere with a feature I was hoping to have where the user could enter a queue until a license is available. Is this my best route? Any other suggestions?

Thanks

edit: To clarify this is not a virus or anything malicious. It's not about preventing access to a blacklist or allowing access through a whitelist. The idea is to check a database on a case by case basis for certain applications and see if there is a license available for use. If there is, let the app launch, if not display a dialog letting the user know. We also will use this for monitoring and keeping track if we have enough licenses to meet demand, etc. An example of one of these apps is SPSS which have very expensive licenses but a very limited pool of people using it.

A: 

Not sure if this is a GOOD solution but you could do something like pass a key into main so that if the key is not present or valid the application shuts down. Then when you open the application in your code, just pass the key in. Someone would then have to know the key in order to start the application.

This is assuming you have access to the application in question's source code, which upon reading your question again, I'm not so sure of.

Ryan Elkins
I think the OP's intention is to close processes or unlicensed (as far as corporate knows) apps. This is not for custom code executables, for which you could add a licensing key strategy.
Wim Hollebrandse
A: 

I assume you don't have source for the application you want to prevent from loading...

Have you considered using a system policy? That would be the best-supported way to prevent a user from launching a program.

You could have a service running that force-kills any app that isn't "whitelisted", but I can't say how well that would work.

Dave Swersky
No source available. A system policy I do not think would be dynamic enough for our needs.
Alex Ciarlillo
A: 

I wonder if you are taking the wrong approach. Back in the day there was a Mac app that would prevent access to the desktop and had buttons to launch a set list of applications.

IDEA

What if you had a wrapper for the approved apps then only allow your wrapper to run on the computer?

NitroxDM
why was this downvoted?
Raj More
This actually sounds like a valid solution, that you integrate your Key logic in the wrapper and if the wrapper passes success that it either runs the application itself or calls runas to run the process with a higher permissions level. Then you could use system policies to black list the regular users from opening processes that aren't on your white list.
Chris Marisic
I did not downvote, but I feel this would be far to invasive to our users and they would not stand for it. We operate to some extent at the whim of our patrons.
Alex Ciarlillo
Also the issue of apps launching from their respective document types.
Alex Ciarlillo
There would be also network privileges implications of all sorts.. It's a tough problem.
lb
A: 

I would expect there is some way of hooking an application launch, but can't help directly on that front.

You may be able to improve your current approach by detecting the application's window opening and hiding it (move it offscreen) so that the user can't attempt to interact with it while you are trying to shut it down.

However, another approach that may be possible (depending on your circumstances) would be to write an application launcher. This simply is a replacement for the shortcut to the application that checks your licencing conditions, and then does a Process.Start to launch the real .exe at that point. This would work well for any application. (I used a system like this for starting up applications with specialised environment settings and it works beautifully)

You could combine this with your current approach as a fall-back for "clever" users who manage to circumvent your launcher.

Jason Williams
Yes your first suggestion is the best I have come up with so far. The launcher idea is good but is similar to what we already have in place. The main issue is that anytime opens a document of the app we want to check the launcher wont catch it.
Alex Ciarlillo
You can overwrite the file associations to call the launcher, and all it needs to do is pass the command line it receives on to the launchee. The main problem with the launcher approach is just that it's easy to circumvent if a user has enough tech expertise.
Jason Williams
A: 

If my understanding is right you want to create an application what will prevent the computer user to start any other process except ones for a white-list.

If this is the case, monitor the process list of processes (in a while loop) using System.Diagnostics.Process (the GetProcesses method gives the list of all running ones)

Just kill the process when it starts.

Or if your machines have Windows 7 (Windows 2008??) you can use AppLocker. http://www.microsoft.com/windows/enterprise/products/windows-7/features.aspx#applocker Just let Windows prevent the startup.

Victor Hurdugaci
+1  A: 

Could you use

System.Diagnostics.Process.GetProcessesByName

in a loop to look for the process?

It might work if you don't use too aggressive a polling rate.

JayG
Yes I can make this and variations of it work, tho WMIEvent's are probably the better option. Just trying to see if there is any way to prevent launch altogether.
Alex Ciarlillo
A: 

You might want to look at this product: http://www.sassafras.com/licensing.html Personally I can't stand it, but that's because it does what you describe. Might save you some coding.

roufamatic
+1  A: 

You could actually edit the registry so when you click a psd, your launcher gets called instead of photoshop. Your launcher then checks for licenses and if there is one starts photoshop with the path of the file.

DaMacc
A: 

You are indeed close, take a look at the WMI Management Events. http://msdn.microsoft.com/en-us/library/ms186151%28VS.80%29.aspx

Sample code from Microsoft: http://msdn.microsoft.com/en-us/library/ms257355%28VS.80%29.aspx

Subscribing to the appropriate event will provide your application with the appropriate information to perform what you described.

A: 

This is a long shot but you may find it helpful.

Perceived Types and Application Registration http://msdn.microsoft.com/en-us/library/cc144150%28VS.85%29.aspx

No Refunds No Returns