Hi to all!

How to stop all programs except one in Windows 98? I need it because I must be sure than only my program will be active during critical interval when user must enter correct password.

Mike
Posted on 2004-07-19 08:00:38 by Mike
You would have to enumerate all running processes and then enumerate each process thread and suspend it - quite some task.

Doesn't sound like a very smart thing to do anyway - it can probably cause a lot of trouble, and if somebody really wants to snoop the password, they could do tricks to remove the snooping program from the process list, so that you cannot suspend it.
Posted on 2004-07-19 09:13:10 by f0dder
H-m-m... Good idea! But how to prevent start of new processes?
What standard task except Explorer can run new process?
Posted on 2004-07-19 10:29:30 by Mike
Since you're on 9x, you can probably just patch CreateProcess, this should be possible with some memory patching (since 9x is such an unprotected system). Tthere _might_ be other ways to start a process though, and you would have to patch these too.

"panzering" the system is not an easy task :)
Posted on 2004-07-19 10:59:24 by f0dder
f0dder what about if he Captures all the system input to only his password box? Don't know if the other snoop proggy will then be able to log the input?
Posted on 2004-07-19 11:07:58 by Black iCE
One could do a custom edit control for the password entry, using custom window messages to set/get text. This would defeat a lot of generic programs.

But there's of course the danger of something monitoring keyboard input rather than spying on an edit control.
Posted on 2004-07-19 11:15:23 by f0dder
Suppose that snoop app it able to monitor keyboard input then i presume you should be able to find it in the system and that will bring us back to the original suspend question (marry-go-round), but i an't experianced enough to look into this in detail. But you could mabe just find that process and suspend it cause it must have been created before the app asks for the password.

Just a thought
Posted on 2004-07-19 11:22:38 by Black iCE
Well, "find that process and suspend it" - first of all you would be looking for a specific process - I don't think it's easy to see that "this process monitors keyboard input" generically - besides, some process might need to do this without being a keylogger. Next, a keylogger could probably modify kernel structures to hide itself from the process list (or it could have injected itself into an already running process, like explorer) - so I don't think it's feasible.

But perhaps it _is_ possible in some way to get "safe" keyboard input - I just don't know where to look :)
Posted on 2004-07-19 11:27:14 by f0dder
Same!

As we all know that there is always a way for some1 to make and another to brake. Well Mike hope some1 looks at this that is much better than me with this topic.:grin:

A consideration with design... why not make it dependant on a file which the user wants to access the key logger might know whot the password is but it won't know whot the file specific to the user selected. IE make more then 1 varible in the equasion!

Or a simple alternative when the user presses a key "send" multipal random keys and work out an algortyhm to see whot the password is.

ie user enters "password"
logger-> p12345a12345s12345s12345w12345o12345r12345d12345

or make is dependant on the previous char ie if o then send 0o0 etc

So in the end the user enters the same info but a key logger can get rubbish from an algorythm.
Posted on 2004-07-19 11:31:30 by Black iCE
How can I patch some function? Fill it with zeroes?
Posted on 2004-07-19 12:10:06 by Mike

How can I patch some function? Fill it with zeroes?

Mike what do you mean? Specificly....
Posted on 2004-07-19 12:13:32 by Black iCE
Only this f0dder phrase

***
Since you're on 9x, you can probably just patch CreateProcess
***
Posted on 2004-07-20 03:34:43 by Mike