I would like to write a program to kill certain tasks as soon as they are started (Messenger, MIRC, etc) but am a bit unsure where to start.
Any pointers or URLs to relevant material would be great.
Posted on 2001-11-26 17:24:07 by gyroWang
You wanna hide them?

.data
;.....
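Kernel32 db "kernel32.dll",0
function db "RegisterServiceProcess",0 ; name must be null-terminated for GetProcAddress
;......
.code
;...
invoke GetModuleHandle, addr Kernel32
invoke GetProcAddress, eax, addr function
.if eax != 0 ; export exists only in Windows 9x/Me kernel32
mov ebx, eax ;this hides from task list
push 1 ; dwType = 1 (RSP_SIMPLE_SERVICE)
push 0 ; dwProcessId = 0: the current process
call ebx ; RegisterServiceProcess(0, 1)
.endif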
;...
end...
Posted on 2001-11-26 19:30:59 by CodeLover
Thanks.
Though not quite what I was looking for, it will no doubt be useful to me at some point.
Really what I need to do is have something that gets called each time an application starts (hooking a vector?) then have some way of stopping the process or closing it down.
(A bit like those progs that shut down the annoying pop-up windows in your browser)
Posted on 2001-11-27 16:55:46 by gyroWang
You probably can't avoid writing some ring0 code to do this.
Hooking kernel32!CreateProcess is probably the way to go; it should
catch almost every process launch. Have a look at EliCZ' APIHOOKS
or y0da's ForceLibrary.
Posted on 2001-11-27 17:24:49 by f0dder