[RPGonzo]

I currently have a project I'm working on for work and as such will give a small background as to what I'm trying to achieve. All work im doing thus far is in Visual Basic 2008 Express, and i have Visual C++ Express as well ( but have not worked with it AT ALL )

This program I'm working on has a couple of main interests points I'm aiming at:

1) Monitor and implement HOSTS file
( this is a WINDOWS NT based file and has the ability to block and keep traffic from going to/from URLs that are deemed not wanted for work computers or harmful to the system )

2) Monitor process list of windows and keep unwanted programs from running
( this is the tricky part of the program that i am inquiring help about)

I have so far a working application that can sit dormant in the system tray consuming as little CPU/Memory power as possible and at this point have gotten the app to be able to update the HOSTS file and kill processes in a black list that we specified ( on initial running of app and the program has to be open already )

What i was inquiring about is if anyone knows a way for a real-time tracking of the process list ( or another method of doing what i wish to achieve ) to where when a process is freshly listed in the process list the app will auto query it against the blacklist and either 1) do nothing or 2) kill the process if it is not allowed.

I will say i am FRESH to VB coding but i do have ample ability to get around PHP ( which i know has nothing to do with VB but gives me the ability to decipher code blocks to a extent of learning what it does ) and ANY help or where to read about what I am trying to do someplace would be GREATLY appreciated.

Below is what i have for the blacklist so far but this only working when the program is ran and only works on programs that are already open

 Private Sub ProgramWatchList()

		Dim conn As New SqlCeConnection

		Dim SilentConnString As String = My.Settings.WPIDMDataConnectionString

		Try
			conn = New SqlCeConnection(SilentConnString)

			Dim cmd As SqlCeCommand = conn.CreateCommand()
			Dim xI As Integer = 0

			cmd.CommandText = "SELECT COUNT(*) FROM Proc_List"

			conn.Open()

			Dim rdr As SqlCeDataReader = Nothing

			xI = CInt(cmd.ExecuteScalar())

			Dim ProgramName(xI) As String
			Dim ProgramEXE(xI) As String
			Dim i As Integer = 0

			cmd.CommandText = "SELECT ProgName, ProgEXE FROM Proc_List"
			rdr = cmd.ExecuteReader(Commandbehavior.CloseConnection)

			While rdr.Read()
				ProgramName(i) = rdr.GetString(0)
				ProgramEXE(i) = rdr.GetString(1)
				i = i + 1
			End While

			Dim p As System.Diagnostics.Process

			For Each p In System.Diagnostics.Process.GetProcesses()
				Dim ProcName As String
				Dim ProcID As Integer

				ProcName = p.ProcessName
				ProcID = p.Id

				If InStr(Join(ProgramName), ProcName) > 0 Then
					p.Kill()
				End If

				If InStr(Join(ProgramEXE), ProcName) > 0 Then
					p.Kill()
				End If
			Next

		Catch ex As SqlCeException
			MessageBox.Show(ex.Message)
		Finally

			conn.Close()
		End Try

	End Sub

This post has been edited by RPGonzo: 16 March 2009 - 09:58 AM

[LemonMan]

RPGonzo, on 16 Mar, 2009 - 09:33 AM, said:

1) Monitor and implement HOSTS file
( this is a WINDOWS NT based file and has the ability to block and keep traffic from going to/from URLs that are deemed not wanted for work computers or harmful to the system )

2) Monitor process list of windows and keep unwanted programs from running
( this is the tricky part of the program that i am inquiring help about)

Ok, let's start with the processes. VB has a built in class called Process. By calling Process.GetProcesses() you can get a list of processes. To use this, import System.Diagnostics. However, I think you can use it without importing that class.

To terminate a process, you first have to declare a variable of type Process, and identify the process you want to kill based on PID or name.

So, to kill the process with PID 1234,

Dim myProc As Process
myProc = Process.GetProcessById(1234)
Try
   myProc.Kill()
Catch ex as Exception
'It didn't work
End Try

To kill a process by name, use Process.GetProcessesByName. Because one process may be running multiple in multiple instances, use an iterator to kill them all. To kill all running instances of notepad.exe, do this. (Notice how you omit the .exe)

Dim myProcs As Process()
myProcs = Process.GetProcessByName("notepad")
For Each myProc as Process In myProcs
Try
  myProc.Kill()
Catch ex As Exception
'Didn't work
End Try

To monitor all open processes, maybe create a thread or use a background worker to execute the code I showed you above. Use Threading.Thread.Sleep(3000) to sleep for a little while after each "killing spree". In this case, wait 3 seconds (3000 ms).

BTW, these might help you with Process:

http://msdn.microsof...ocess.kill.aspx

http://msdn.microsof...y/76fkb36k.aspx

http://msdn.microsof...y/z3w4xdc9.aspx

Also, you can get a list of running processes: http://msdn.microsof...y/z3w4xdc9.aspx

_______

Now for the hosts file.

Use IO.file.ReadAllLines to read every line of the hosts file.

So,

For Each line as string in io.file.readalllines("C:\Windows\System32\Drivers\Etc\Hosts")
'Do something with each "line"
Next

Again, use a background worker or thread to do this at a predefined interval, specified by you.

Now, you can also append lines by calling

My.Computer.FileSystem.WriteAllText("C:\file",text, True)

True is for the Append parameter.

Well, hope I could help.

[RPGonzo]

Thanks for the reply and the new method for the HOSTS file .. i was replacing the HOSTS file itself and renaming the old one HOSTS.BAK by having the app execute a .BAT file , it was messy but worked...

For the process part i have most of what you put in place already, and short of using a timer with about a 30 second interval and re running the entire code again and again , i was curious if there is a way to "watch" the process list for changes and "onchange" ( no pun intended that's the Javascripter in me coming out lol ) execute "this code" to verify if the program is allowed against the blacklist

Again thanks alot for the reply and the new HOSTS update process

[LemonMan]

Use a FileSystemWatcher.

http://www.codeproje...derwatcher.aspx

[RPGonzo]

Correct me if im wrong but doesn't the filesystemwatcher only monitor folders/files?

Which this would be helpful if i added a "program files" watch and just watch for the blacklisted programs but i was trying to cut the snacks head off just a little earlier.

Just an example user downloads "Limewire.exe" of course the company doesn't allow that here at the main branch where we have a firewall and URL block in place. BUT the users with laptops and air cards have UNLIMITED access to the internet and what they can access. So Joe Blow downloads "Limewire.exe" when he double clicks that icon it adds a process to the process list and also under applications, this is where i want the watcher to be, before the file has a chance to modify the system in any way the app does a process.kill() and therefore the "Limewire.exe" file was never ran at all and the system has one more shield from outside influences.

We thought about adding a program install block from our domain controller but a lot of these guys are field techs who have to install special software for particular machines on the fly so that idea was killed.

Hopefully this makes the interests of the app a little more precise of what im looking for. Thanks a lot for the links and tips so far and appreciate your time!

[RPGonzo]

I found this ...

http://weblogs.asp.n.../11/438006.aspx

but now im looking at how it works.. which is kinda complicated so might take me a while lol

and if your lazy like me here is the code from that page but it doesn't entirely help being a different language lol

using System;
using System.ComponentModel;
using System.Collections;
using System.Globalization;
using System.Management;

namespace WMI.Win32
{
	public delegate void ProcessEventHandler(Win32_Process proc);
	public class ProcessWatcher : ManagementEventWatcher
	{
		// Process Events
		public event ProcessEventHandler ProcessCreated;
		public event ProcessEventHandler ProcessDeleted;
		public event ProcessEventHandler ProcessModified;

		// WMI WQL process query strings
		static readonly string WMI_OPER_EVENT_QUERY = @"SELECT * FROM 
__InstanceOperationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'";
		static readonly string WMI_OPER_EVENT_QUERY_WITH_PROC =
			WMI_OPER_EVENT_QUERY + " and TargetInstance.Name = '{0}'";

		public ProcessWatcher()
		{
			Init(string.Empty);
		}
		public ProcessWatcher(string processName)
		{
			Init(processName);
		}
		private void Init(string processName)
		{
			this.Query.QueryLanguage = "WQL";
			if (string.IsNullOrEmpty(processName))
			{
				this.Query.QueryString = WMI_OPER_EVENT_QUERY;
			}
			else
			{
				this.Query.QueryString =
					string.Format(WMI_OPER_EVENT_QUERY_WITH_PROC, processName);
			}

			this.EventArrived += new EventArrivedEventHandler(watcher_EventArrived);
		}
		private void watcher_EventArrived(object sender, EventArrivedEventArgs e)
		{
			string eventType = e.NewEvent.ClassPath.ClassName;
			Win32_Process proc = new 
				Win32_Process(e.NewEvent["TargetInstance"] as ManagementBaseObject);

			switch (eventType)
			{
				case "__InstanceCreationEvent":
					if (ProcessCreated != null) ProcessCreated(proc); break;
				case "__InstanceDeletionEvent":
					if (ProcessDeleted != null) ProcessDeleted(proc); break;
				case "__InstanceModificationEvent":
					if (ProcessModified != null) ProcessModified(proc); break;
			}
		}
	}

	// Auto-Generated running: mgmtclassgen Win32_Process /n root\cimv2 /o WMI.Win32
	// Renaming the class from Process to Win32_Process
	public class Win32_Process { ... }
}

// Sample Usage
ProcessWatcher procWatcher = new ProcessWatcher("notepad.exe");
procWatcher.ProcessCreated += new ProcessEventHandler(procWatcher_ProcessCreated);
procWatcher.ProcessDeleted += new ProcessEventHandler(procWatcher_ProcessDeleted);
procWatcher.ProcessModified += new ProcessEventHandler(procWatcher_ProcessModified);
procWatcher.Start();

// Do Work

procWatcher.Stop();

This post has been edited by RPGonzo: 16 March 2009 - 11:39 AM

[LemonMan]

You could also do some more searches on "VB.Net file system watcher". That is the way to go. It will notify your app when the HOSTS file is modified.

[RPGonzo]

So using lemons method here i can successfully read a source file and overwrite the local file with the contents therefore "updating" that file. What i was curious on is to save some disk space ( understandably not much but just a bit ) is there a way to read a source being on a domain i.e. a internet housed file.

this is the code i tried but it says "URI formats are not supported." so my question is , is there a method to use that will read a source file from the internet or will i have to have the program download the file and than read and write to update? i googled a bit but with nothing on the method i was looking for any insight would be helpful thanks!

	
Private Sub UpdateHostsInt_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles UpdateHostsInt.Click

		For Each line As String In IO.File.ReadAllLines("http://www.lazurous.com/wpdesktopmanager/HOSTS")
			My.Computer.FileSystem.WriteAllText("C:\Windows\System32\Drivers\Etc\Hosts", Text, False)
		Next

	End Sub

[LemonMan]

You can't interact with a network file using local filesystem calls. First, download the file.

My.Computer.Network.DownloadFile("http://www.mysite.com/myfile.txt","C:\myfile.txt")

'
This will download the file at http://www.mysite.com/myfile.txt to C:\myfile.txt.

Then, do what I described above to open C:\myfile.txt.

[RPGonzo]

Thanks for the reply sorry i haven't been on my computer lately to tell you that. If anyone else sees this and was interested in the file download portion i actually found a site that the guy had written a custom class with a progress bar.

http://www.vbforums....ad.php?t=396260

I just took his class and modified it to make it work and look the way i wanted. Learned a lot from that script as well.