I'm having an issue that the application I'm trying to run is detecting other applications (Recording Software, False Detection bla bla bla which is really annoying) and it asks me to close other applications before running.
Are there anyway to prevent that application from detecting? Or limiting its access? Or create an application to run it and limiting its access?
If there aren't any ways it's okay. I can still use a vm (but it's my last option because it consumes lots of computer resources)
I'm using Windows 10
The application I'm trying to run is .exe (written in C++)
Application detection is usually implemented by looking for a specific window class with FindWindowEx or by using a named mutex. It is also possible to look at all the running processes and comparing the .exe names.
Window detection is limited to each desktop. Switching to another user in a new session will allow you to bypass this detection. Desktops would also work.
Mutex detection can be per-session or machine global.
Process detection is usually machine global unless they specifically check the session id.
Related
I'm running some kind of POS application which makes exclusive use of the whole desktop to not to let the user access any of the Windows system functions. To do this, I use the WinAPI functions
CreateDesktop()
OpenDesktop()
to open an own desktop and to start this application there. This works fine for one desktop.
Now there is the possibility to connect a second monitor to this PC. Windows by default extends its desktop over the full area of both monitors. But this is not a solution for my application, here I want to start two GUIs in the same manner as described above but on every monitor exclusively.
But: I do not see any possibility to hand over a monitor identifier to the functions CreateDesktop()/OpenDesktop(). So any idea how this can be done?
Thanks!
my question may seem too weird but i thought about the windows hibernation thing and i was wondering if there is a way to hibernate a specific process or application.
i.e : when windows start up from a normal shutdown/restart it will load all startup programs normally but in addition of that it will load a specific program with it`s previous status before shutting down the computer.
I have though about reserving the memory location and retrieve it back when computer start up , but is there any application that does that in windows environment ?
That cannot work. The state of a process is almost never contained in just the process itself. A gui app creates user32 and gdi objects that are stored in a heap associated with the desktop. It makes calls to Windows that affect the window manager state. It makes I/O calls that cause code inside drivers to run. Which in turn affects allocations inside the kernel pools. Multiply the trouble by every pipe or rpc channel it opens to talk to other processes. And shared resources like the clipboard.
Only making a snapshot of the entire operating system state works.
There are multiple solutions for this now, in Linux OS: CRIU, CryoPID2, BLCR.
I think docker can be used (both for windows & linux), but it requires pre-packaging your app in a docker, which bears some overhead(s).
I'm in the process of writing a specification to convert one of our most complex applications into an application which runs as a screensaver.
Currently this application will read from the file system & registry (User, but will be converted to Local Machine) and spawn multiple child executables drawing media elements on screen using WMP SDK and other media display libraries for images and flash. Some native to the OS, some not.
It is written in VB6 and must continue to be for this conversion.
This application currently operates as an application in the interactive account space. Usually with an account logged in as an administrator, or other highly elevated account. This application must operate without been logged in as a Screensaver.
Resources on doing this for my research are scant.
I'm keen to know the opinions of the SO community. Are there any limitations when running applications as screen savers when not logged in, considering security limitations of operating EXE's in this context. Are EXEs running as screensavers prevented from spawning other child processes or limited in reading file or registry information.
Are there any graphics handling restrictions with direct show or direct draw? Can systen ODBC's still be used?
This applies to Windows XP & Windows 7.
Thank you for your time.
Thought I'd come back and close this off.
After some testing and discussions with Microsoft it turns out you cannot run complex applications as a screensaver when not logged in.
The session used at the windows log in screen has a limited desktop heap allocation by design. Attempting to use multiple resources or open many windows will not work as the heap will simply run out of memory.
Proven by testing and by MS's own word.
When running a program, such as notepad, as a service do you not see the program visually?
I see notepad running in the task manager but I can't actually see its instance running. Why is this?
Services are meant as background applications, not foreground applications. Generally they run without direct user input or with user input through IPC (often providing a centralized point for multiple applications to communicate).
It's not common to setup any applications to just run as a service. Applications that run as a service are generally specifically engineered to do so because they perform certain tasks and may want to always be running to perform such tasks.
An application actually needs to support running as a service - typically it is done by recognizing the "\service" command line key. Some applications will recognize the absence of the "\service" key and either do nothing or show a warning.
When an application is started "as a service" it usually means that it has to work continuously in background and there's a chance that no user is currently logged on. That's why it should not expect any user input and therefore doesn't show the window.
Adding on #Quintin Robinson's answer, the reason why they doesn't show up on task manager is because they are (usually) run from an umbrella process.
To give you a better picture, download and run Microsoft's Process Explorer, then hold your mouse over one of the "svchost.exe" process running.
You should see some of the services that are running under it.
All user interaction in Windows takes place via Windowstations. By default, Windows services "interact" with a non-interactive station. It's not the station you're connected to, so you don't see any output.
You can change this behavior by changing the service properties, and enabling "Allow service to interact with desktop".
You can read more about this here.
Applications that run as a service (or that are launched by other applications that run as a service) by default run on a separate desktop that cannot interact with the desktop you see.
If you want to be able to interact with a service, you have set the service properties accordingly.
That being said, what you're seeing with Notepad almost certainly has nothing to do with services.
I need to monitor and, if it is needed, decline process start in the Windows XP and Vista OS?
What are known/documented/undocmented methods? What about known hacks of this methods?
(It will be used for the shareware firewall/security software).
Be very careful with any code that thinks it knows enough about what a user is doing to know whether or not to allow a process to start. It's a great way to find out how much you don't know about your users, but only if you provide an email address for the users to send complaints to.
An example was some VPN software I worked with that hooked into the Windows system to be notified whenever a DLL was loaded. It actually caused BSOD when running a very common application - Visual Studio. The manufacturer wasn't aware of how modular VS is, and that starting it loads many DLLs, and sometimes even more during execution, as new features are loaded.
When you put yourself in the position to do things for your users, you have the responsibility to know enough to do them correctly.
For monitoring you can use WMI events.
There is no[1] method to decide whether to allow the start or not. If you are on Pro/Biz/Ent/Ultimate editions group policy can be used to block specified executables from being launched, or limit to a specified list.
[1] As far as I am aware.