I'd like to have a program that just runs in the background and detects whenever a certain process is started and hopefully prevents it from starting and then reacts to it in some way, in Windows. Specifically, my co-workers will install "epic fail" on anyone's machine who forgets to lock it for 2 seconds and gets coffee or goes to the restroom. I'd like to have a defense against this executable running, and maybe have the computer say something like "no, you are the one that fails". I know certain rootkits can do this, although obviously I'd not like to use something like this.
+1
A:
It's not hard to do. You can use EnumProcesses or the Toolhelp API to get the processes; you could write a service to do this every so often and then kill the offending PID with TerminateProcess.
Lloyd
2009-05-14 18:59:52
Unfortunately, I am afraid that one second is enough time for the running program to do its damage.
aceinthehole
2009-05-18 14:55:15
You could set it up to run in milliseconds, but probably at the expense of CPU load. For finer granularity I'm not sure, maybe some native/core API calls or hooking, for example CreateProcess/ShellExecute etc.
Lloyd
2009-05-18 15:22:21
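The polling approach from the answer and its comments, as an added example that is not code from anyone in the thread: one Toolhelp snapshot pass per interval, terminating any process whose image name matches. Assumptions: the image name `epicfail.exe` is hypothetical, the build is non-UNICODE (ANSI), and the watcher has the right to open the target with `PROCESS_TERMINATE`; the target still runs for up to one poll interval before it is killed.

```c
#include <ctype.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif

/* Case-insensitive comparison of a process image name with the blocked
   name (Windows file names are case-insensitive). Returns 1 on a match. */
int is_blocked(const char *image, const char *blocked) {
    while (*image && *blocked) {
        if (tolower((unsigned char)*image++) != tolower((unsigned char)*blocked++))
            return 0;
    }
    return *image == '\0' && *blocked == '\0';
}

#ifdef _WIN32
/* One Toolhelp pass: terminate every process whose image name matches.
   Returns the number of processes terminated. Assumes an ANSI build. */
int scan_and_kill(const char *blocked) {
    int killed = 0;
    PROCESSENTRY32 pe;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return 0;
    pe.dwSize = sizeof(pe);               /* must be set before Process32First */
    if (Process32First(snap, &pe)) {
        do {
            if (!is_blocked(pe.szExeFile, blocked)) continue;
            HANDLE h = OpenProcess(PROCESS_TERMINATE, FALSE, pe.th32ProcessID);
            if (h == NULL) continue;      /* e.g. access denied */
            if (TerminateProcess(h, 1)) killed++;
            CloseHandle(h);
        } while (Process32Next(snap, &pe));
    }
    CloseHandle(snap);
    return killed;
}

int main(void) {
    const char *blocked = "epicfail.exe"; /* hypothetical image name */
    for (;;) {
        if (scan_and_kill(blocked) > 0)
            puts("no, you are the one that fails");
        Sleep(250);                       /* poll interval in ms: latency vs CPU */
    }
}
#endif
```

Matching on image name alone is defeated by renaming the executable, so this only covers the case where the file keeps a known name.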