Full Version: Processsitter
usch
hi guys.

after some time of pure C# experience, i thought it was time to check and refresh my old, dusty and little C abilities. this is a project, i had almost finished some time before, but lost all the files due to format.

ok here is what it does :
it infinitely checks all running processes whether your specified .exe is running. if it is not, it starts it.

that's it.

CODE

/*  ProcessSitter, coded by usch
   Infinitely checks all running processes
   whether the defined exe is running.
   If not, starts it.

   usage: ps.exe <processname>
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include <psapi.h>   /* link with psapi.lib */

void usage(void);
void mainFunction(char *arg);

int main(int argc, char *argv[])
{
    if (argc != 2)
        usage();
    else
        mainFunction(argv[1]);
    return 0;
}

void mainFunction(char *arg)
{
    DWORD x, returned;
    int found;
    HANDLE hProcess;
    char name[MAX_PATH];
    HMODULE module;
    DWORD prozesse[1024], bytesReturned, moduleBytesReturned;

    /* loop rather than a self-call: calling mainFunction() from itself
       would add a stack frame on every pass until the stack runs out */
    for (;;)
    {
        found = 0;

        if (EnumProcesses(prozesse, sizeof(prozesse), &bytesReturned))
        {
            returned = bytesReturned / sizeof(DWORD);
            for (x = 0; x < returned && !found; x++)
            {
                hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                       FALSE, prozesse[x]);
                if (hProcess == NULL)
                    continue;   /* no access to this process, skip it */

                /* the first module of a process is its .exe; compare its
                   base name (e.g. "notepad.exe") with the argument */
                if (EnumProcessModules(hProcess, &module, sizeof(module),
                                       &moduleBytesReturned) &&
                    GetModuleBaseNameA(hProcess, module, name, sizeof(name)) &&
                    _stricmp(name, arg) == 0)
                    found = 1;

                CloseHandle(hProcess);
            }

            if (!found)
                system(arg);    /* arg is handed to cmd.exe as typed */
        }

        Sleep(250);             /* keeps the check from hogging the cpu */
    }
}

void usage(void)
{
    printf("\nProcessSitter - code by usch\n++++++++++++++++++++++++++++\n   usage:ps.exe <exefile>\n");
}


hope someone will find it useful as it is nothing big and nothing special.

have fun

usch
tibbar
usch - i don't see a Sleep(100) or so in there...isn't it going to send cpu time to 100%?
usch
it doesn't take 100% cpu. it's no while loop, but a function that calls itself again and again. i have tested it here


usch
tibbar
if it is calling itself repeatedly you will be hogging cpu. best to put a sleep in there before it calls itself for 50ms or so...

just my opinion.
usch
yeah ok i agree now
has been fixed. thank you for your advice.

usch
stay
hmm you could simply install app x as service and config it to automatically restart, therefore you wouldn't need an extra program and you wouldn't waste more cpu than needed...
so, is there any advantage in using your app than installing app x as service?
Serhat
QUOTE(stay @ Aug 8 2005, 09:32 PM)
hmm you could simply install app x as service and config it to automatically restart, therefore you wouldn't need an extra program and you wouldn't waste more cpu than needed...
so, is there any advantage in using your app than installing app x as service?


not all applications respond back as service and get killed after 5-10 seconds?
I know you have special apps to do so... but you get the same then.. you'll use that app or this one.. only this one will automatically run as current user.. and the service one as SYSTEM unless otherwise specified..

Serhat
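
The service route discussed in the two posts above, as an added example that is not part of any post in this thread: registering a program as an auto-start service under a non-SYSTEM account and letting the service control manager restart it. The service name, path and account are constructed placeholders, the binary is assumed to be written as a real service, and the commands are assumed to run from an elevated PowerShell prompt.

```powershell
# Constructed placeholders: service name and binary path.
$name = 'AppX'
$bin  = 'C:\AppX\appx.exe'   # must implement the service control protocol

function Invoke-Sc {
    # Run sc.exe and stop on the first failure instead of continuing silently.
    & sc.exe @args
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# sc.exe wants each "key=" and its value as separate arguments.
# obj= picks the account; without it the service runs as LocalSystem.
Invoke-Sc create $name binPath= $bin start= auto obj= 'NT AUTHORITY\LocalService'

# Restart 5 s after the first and second failure, 60 s after later ones;
# the failure counter resets after one day (86400 s) without a failure.
Invoke-Sc failure $name reset= 86400 actions= restart/5000/restart/5000/restart/60000

# Also apply the actions when the service stops itself with an error code.
Invoke-Sc failureflag $name 1

# Show what the service control manager stored, then start the service.
Invoke-Sc qc $name
Invoke-Sc qfailure $name
Invoke-Sc start $name
```

The recovery actions fire when the service process terminates unexpectedly, not when it is stopped through the service control manager.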
vnet576
Just register the program as a critical process. The kernel will crash (BSOD), yes windows xp, if the process is closed. There are native functions in ntdll.dll, so look them up.