After two hours of googling without even close matches to what im looking I must give up.

Please, tell me if there is some way to determine if my prog is started from login script. I mean that I want that my prog only runs if it is started from login script and if somebody tries to start it manually it refuses to start.

We have Win2000 servers and WinXp clients mainly.

Posted on 2004-03-16 17:06:22 by SamiP
You can try to just make sure that Explorer.exe is not the application that started your app:

GetParentName FRAME pExeName

LOCAL hModuleSnap :D
LOCAL hProcessSnap :D

Requires a buffer of MAX_PATH length be supplied in order to
copy the executable name. If the buffer is NULL it returns the
PID but no path. If the parent application is Explorer.exe
the returned PID is 0 and the path is not returned


call GetCurrentProcessId
mov [ourPID],eax

invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
mov [hProcessSnap],eax

mov D[pe32.dwSize],SIZEOF PROCESSENTRY32
invoke Process32First,[hProcessSnap],addr pe32
or eax,eax
jz >W2

mov eax,[pe32.th32ProcessID]
cmp eax,[ourPID]
mov eax,[pe32.th32ParentProcessID]
je >W2
invoke Process32Next,[hProcessSnap],addr pe32
or eax,eax
jnz <W1

mov D[me32.dwSize],SIZEOF MODULEENTRY32
invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,[pe32.th32ParentProcessID]
mov [hModuleSnap],eax
invoke Module32First,[hModuleSnap],ADDR me32
invoke CloseHandle,[hModuleSnap]
invoke CloseHandle,[hProcessSnap]

invoke lstrcmpi,OFFSET me32.szModule,"Explorer.exe"
jz >L2
cmp D[pExeName],0
je >L1
invoke lstrcpyA,[pExeName],OFFSET me32.szExePath
mov eax,[me32.th32ProcessID]
xor eax,eax

Posted on 2004-03-16 19:35:35 by donkey
Thanks Donkey. At the moment I cant test the code because im at work, but one more question ;) Is it allways explorer.exe which is parent to program even when the program is commandline one and started by cmd.exe. Well I think I need to test what is parent when the program is run in login script and then check to only run when that is parent. Hopefully in both cases its not cmd.exe!

Posted on 2004-03-17 00:12:08 by SamiP
Hi SamiP,

No problem, yeah you'll have to check and verify against the name that is returned from the script engine.
Posted on 2004-03-17 00:17:21 by donkey
It seems that the easyest solutions is to check that there are no explorer.exe process running and userinit.exe is running. This is not a waterproof concept, but I think it is sufficient for me atleast now.

Other solution is to check that parent process is userinit.exe before the parent process is explorer.exe. I mean that when the login script is netlogon.bat the parent process of my prog is allways cmd.exe then the parent of the cmd.exe is most likely userinit.exe (or maybe another cmd.exe) depending the scripts.
If I start cmd.exe from Start/Run then the parent of my process is again cmd.exe and parent of that is explorer.exe but parent of exeplorer.exe seems to be again userinit.exe.
So userinit.exe must come before explorer.exe in parent chain to be sure that the prog is run from login script. Ofcourse this works only for standard installations.... lot more checking is needed to make this really to be waterproof. Weird that there are no readymade flag or something to detect this thing.

Posted on 2004-03-18 07:04:46 by SamiP