views: 168

answers: 3

On Linux, I normally use the ptrace function to trace all syscalls, and kill the process if it tries to do anything harmful to my machine, such as system("shutdown -s -t 00") or so.

Is there a way for me to do this on Windows?

EDIT: I want to write a sandbox program that limits the time and memory usage of its child and works on both Windows and Linux; right now it only runs on Linux via ptrace.

A: 

To run an application in a sandbox you could create a new restricted access token with CreateRestrictedToken (here's some info about the privileges you can enable/disable), call ImpersonateLoggedOnUser with the new token, start the new process with CreateProcess and revert to your old token with RevertToSelf. I'm not sure whether in all contexts you can instead directly use CreateProcessAsUser; give it a try.

Matteo Italia
Can you give me any example? I'm not sure how to use it.
Nat
Wait, I re-read your question, and if you want to limit memory usage and CPU time the privileges are useless, they are to limit privileged actions (e.g. shutting down the computer).
Matteo Italia
+2 A: 

If you attach your process to a Job object, you can limit the CPU time and memory of the process. That won't allow you to prevent it from performing malicious actions, but it will allow you to achieve what you asked.

Larry Osterman
So combining the use of jobs and the use of privileges (see my reply) he could actually limit CPU time, memory usage and block dangerous actions.
Matteo Italia
That's what Google Chrome and Microsoft Office do in their sandboxes. Of course the challenge is actually getting it all to work (hint: It's much harder than you think) :).
Larry Osterman
I can imagine it. :) BTW, what can be done to also restrict filesystem usage? As far as I know ACLs are useless here, since they apply to the user, which would be the same even after restricting the privileges. [OT]Didn't notice before that you were actually Larry Osterman; my compliments for your blog, I check it almost every day![/OT]
Matteo Italia
That's my intention anyway: to create a sandbox that restricts access and limits time/memory usage. I'll try it though. I've never really coded in VS C++ anyway. Any example would be appreciated.
Nat
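As an added example (not code from any answer in this thread), here is a helper that starts a command and bounds its CPU time and memory: on Windows it uses the Job object limits Larry Osterman describes, and on Linux/POSIX it uses setrlimit in place of the poster's ptrace tracer. As the comments above say, neither branch blocks privileged actions such as shutdown; that is what the restricted token in Matteo Italia's answer is for.

```c
#ifdef _WIN32
#include <windows.h>
/* Windows: returns the child's exit code, or -1 on API failure. A child over the time limit is
 * terminated by the job (exit code ERROR_NOT_ENOUGH_QUOTA); over the memory limit, its allocations fail. */
int run_limited(const char *cmdline, unsigned cpu_seconds, size_t mem_bytes) {
    char cmd[1024];                             /* CreateProcess wants a writable buffer */
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    DWORD code = (DWORD)-1;
    JOBOBJECT_EXTENDED_LIMIT_INFORMATION lim = {0};
    HANDLE job = CreateJobObjectA(NULL, NULL);  /* anonymous job, one per child */
    if (!job) return -1;
    lim.BasicLimitInformation.LimitFlags = JOB_OBJECT_LIMIT_PROCESS_TIME |
        JOB_OBJECT_LIMIT_PROCESS_MEMORY | JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
    lim.BasicLimitInformation.PerProcessUserTimeLimit.QuadPart =
        (LONGLONG)cpu_seconds * 10000000LL;     /* 100 ns units */
    lim.ProcessMemoryLimit = mem_bytes;         /* committed memory per process */
    lstrcpynA(cmd, cmdline, (int)sizeof cmd);
    /* Start suspended so the child cannot run before it is inside the job. */
    if (!SetInformationJobObject(job, JobObjectExtendedLimitInformation, &lim, sizeof lim) ||
        !CreateProcessA(NULL, cmd, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi)) {
        CloseHandle(job); return -1;
    }
    if (AssignProcessToJobObject(job, pi.hProcess)) {
        ResumeThread(pi.hThread); WaitForSingleObject(pi.hProcess, INFINITE);
        GetExitCodeProcess(pi.hProcess, &code);
    } else TerminateProcess(pi.hProcess, 1);    /* never let an unconfined child run */
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess); CloseHandle(job);
    return (int)code;
}
#else
#include <signal.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
/* POSIX: returns the child's exit status, or -signal when a limit (or anything else) killed it. */
int run_limited(const char *cmdline, unsigned cpu_seconds, size_t mem_bytes) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                             /* child: install limits, then exec */
        struct rlimit cpu = { cpu_seconds, cpu_seconds + 1 };  /* SIGXCPU at the soft limit */
        struct rlimit mem = { mem_bytes, mem_bytes };          /* mmap/brk fail past this */
        setrlimit(RLIMIT_CPU, &cpu); setrlimit(RLIMIT_AS, &mem);
        execl("/bin/sh", "sh", "-c", cmdline, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -WTERMSIG(status);
}
#endif
```

On the POSIX side a runaway loop dies with SIGXCPU rather than returning an exit code, so callers should treat a negative result as "killed by a limit or signal", not as a status.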
A: 

Maybe too late, but I just came across your post looking for the same functionality myself.

I found CPU limit 1.1

You can download it here with source code http://www.killprog.com/etce.html

I'm using it very successfully; hope it helps you.