Author Topic: NANY 2010 Teaser: Crush MCP (Master Control Program)  (Read 18133 times)
Crush
« on: December 20, 2009, 03:57:58 PM »

I noticed that my other project is not very interesting to others, so I decided to do something more useful.

The Master Control Program is a small tool running in the background that monitors all tasks and programs.
After making a snapshot of all running processes, new ones will be terminated and tracked in a deletion list.
So you can see and get protected if a virus or other unknown programs are automatically starting in the background without your permission, to raise your security while working.
I'm waiting for suggestions or features you'd like to see.
« Last Edit: January 01, 2010, 09:11:08 AM by Crush » Logged
mouser
« Reply #1 on: December 20, 2009, 04:10:57 PM »

This could be useful.. there are already some programs for this but i think there is always room for more that are nice and simple to use.

I see a couple of issues to think through:
  • How do you add new applications to the list of allowed programs?
  • If a virus only needs half a second to infect your computer -- you aren't really going to be able to stop it just by watching background process list -- for that you need an antivirus style hook that catches files before they can execute.
  • But still it could be useful to alert you about new programs you've never seen before that are running.
Logged
mouser
« Reply #2 on: December 20, 2009, 04:15:57 PM »

I think it might be nice just to have a program that made a list of the first time it saw any given program run for the first time and saved that to a nice text file, so i could always check that file and see when a new program was discovered running for the first time.  and maybe show in tray a balloon each time a new program was discovered running that had never been seen before.
Logged
Crush
« Reply #3 on: December 20, 2009, 04:22:03 PM »

I also wanted to save the list to create a white- and blacklist. Perhaps a function to auto-google for killed or tracked processes would be cool.
Logged
mouser
« Reply #4 on: December 20, 2009, 04:26:55 PM »

that's a nice idea.
one extra benefit of keeping this kind of list of history of when each program was run for the first time, is that it could be very helpful for diagnosing problems that you only notice a day later, etc.  and could help you diagnose a problem on a relative's computer.
note that for this kind of benefit, it doesn't have to ever kill anything.. it's just trying to track when a process first ran -- the nice part about that is how simple it would be to use, nothing to it.
maybe you could make it run two dif modes: 1) kill anything on blacklist but don't kill new programs; 2) kill everything not on whitelist
so if you only wanted to use it to keep track of the first time a program ever ran, you would just use mode 1.
Logged
Crush
« Reply #5 on: December 20, 2009, 05:11:58 PM »

I see that there is a lot of very interesting information in the system, like the file names, process creation time, user time, I/O information (how many reads/writes, how much data has been transferred), memory usage and much more. This could give useful hints if a task could be an intruding sniffer or similar - perhaps you could optimize your system with knowledge about the shutdown priorities or I/O usage. I'll try to track as much information as I can get from the processes.
Logged
Perry Mowbray
« Reply #6 on: December 20, 2009, 06:12:03 PM »

Hey Crush: yes this is a neat idea (not that the other one wasn't). I like the idea that I can look back and see when things happened so that I can fix up problems.

Maybe even mash in some of the filesystem data about the actual files? Changes in versions? How would you capture automatic updates, where the programme downloads and runs and updates files?
Logged

f0dder
« Reply #7 on: December 21, 2009, 02:25:36 AM »

Hey Crush, I don't mean to discourage you, but as mouser already mentioned you'll need a low-level (driver) hook in order to prevent NastyCode™ from running - simply scanning with toolhelp/psapi every X milliseconds leaves too much of a gap for malware to run (and making the wait-time too slow will end up chewing too many CPU cycles). Also, if the malware injects itself into a running process, starts through a buffer overflow in flash/acrobatreader/whatever or loads as a service through svchost, you'll have a hard time catching it this way.

So instead of trying to keep a system clean by doing usermode app whitelisting, it's probably better to focus on the logging part - less chance of killing benign processes that way, too :)
Logged

- carpe noctem
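
Added illustration (not part of the thread and not MCP's code) of the polling gap described in Reply #7: a snapshot poller only sees a process if a poll tick falls inside its lifetime, and shrinking the interval raises the snapshot rate. The timeline, process names and function names are constructed for this example.

```python
def seen_by_polling(lifetimes, interval_ms):
    """Names a snapshot poller observes. A process is visible only if a poll
    tick (0, interval, 2*interval, ...) falls inside [start_ms, end_ms)."""
    seen = set()
    for name, start_ms, end_ms in lifetimes:
        next_tick = -(-start_ms // interval_ms) * interval_ms  # round up to a tick
        if next_tick < end_ms:
            seen.add(name)
    return seen


def sweep(lifetimes, intervals_ms):
    """For each polling interval: (interval, snapshots per minute, missed names)."""
    names = {name for name, _, _ in lifetimes}
    return [(t, 60_000 // t, sorted(names - seen_by_polling(lifetimes, t)))
            for t in intervals_ms]


# Constructed timeline in milliseconds since monitoring started (made-up names).
TIMELINE = [
    ("editor.exe",    300, 90_000),  # long-running, always caught
    ("updater.exe", 2_050,  2_400),  # lives 350 ms
    ("helper.exe",  5_010,  5_040),  # lives 30 ms
]

if __name__ == "__main__":
    for interval, per_minute, missed in sweep(TIMELINE, [1000, 250, 50, 10]):
        print(f"{interval:>5} ms  {per_minute:>5} snapshots/min  missed: {missed}")
```

Even at 50 ms the 30 ms process is missed, and the sweep cannot model the in-process cases the reply lists (injection, exploited hosts, services in svchost), which never appear as a new process at all.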
Crush
« Reply #8 on: December 21, 2009, 05:44:13 AM »

The main idea was only to stop all processes that start while surfing or working with a single application after a defined moment. At first I only wanted to create a popup-blocker by new windows.

But you're right, it's too time-consuming when I track all the data I want to check. The MCP shall not be an antivirus or spyware killer. It's intended to help find suspicious processes starting without your knowledge in the background, perhaps remove some annoying tasks at a low level, and get a deeper view into the behaviour of programs and tasks. It can help you find malware by its behaviour - even if your antivirus/spyware detectors do not know it. You'll never be able to find DLL injections or manipulated executables without reference hashes of clean original files (this could be a new idea :-\).
If you're really running malware while working, it can perhaps stop these programs fast enough to prevent or stop damage somehow, or at least help draw your attention to the process if the file accesses of some processes are getting extremely exhaustive.

I needed several hours only to create the main process class containing all the interesting information, and I don't know how much time the rest will need. So if there's not enough time, a black/whitelist or other features will be included later. The time to new year is too short to code a complex program.
« Last Edit: December 21, 2009, 05:47:54 AM by Crush » Logged
Perry Mowbray
« Reply #9 on: December 21, 2009, 05:48:48 AM »

The time to new year is too short to code a complex program.

You're good Crush: just get the first bit done and the rest can happen later :)
Logged

JavaJones
« Reply #10 on: December 21, 2009, 01:08:14 PM »

I love the idea of an app startup logging program. If you can make hashes of each exe and track last startup, last changes to exe, etc. that would be even cooler. A long-term look at all this info, then make it exportable as a CSV and we can run some analysis on it, get some nice pie charts going and hey presto, unintended (but awesome) result is a graph of system update activity, system app load history, etc. Fun stuff. I like!

- Oshyan
Logged

The New Adventures of Oshyan Greene - A life in pictures...
Crush
« Reply #11 on: December 21, 2009, 02:09:02 PM »

A hash on all of these programs is no problem, but it's very time-consuming. I'll take a look at what's possible.
Logged
JavaJones
« Reply #12 on: December 21, 2009, 02:38:21 PM »

Hash should probably be optional, but would definitely be a nice and important feature IMO. Thanks for taking our input! I love the evolutionary app design process. :)

- Oshyan
Logged

The New Adventures of Oshyan Greene - A life in pictures...
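
Added example (not part of the thread and not MCP's code): a sketch of the first-seen log suggested in Replies #2 and #4, with the optional executable hashes and CSV export from Replies #10 to #12 and the two list modes from Reply #4. Class and function names, paths and image bytes are constructed, and "kill" is only a returned decision; nothing is terminated.

```python
import csv, hashlib, io

class FirstSeenLedger:
    """Log the first time each executable path is seen; logging never kills."""
    def __init__(self, whitelist=(), blacklist=(), use_hash=True):
        self.whitelist, self.blacklist = set(whitelist), set(blacklist)
        self.use_hash = use_hash          # hashing is optional (it costs I/O time)
        self.rows = {}                    # path -> [first_seen, last_seen, sha256]

    def observe(self, snapshot, now, mode=1):
        """snapshot maps path -> image bytes; returns path -> (event, action)."""
        result = {}
        for path, image in snapshot.items():
            digest = hashlib.sha256(image).hexdigest() if self.use_hash else ""
            row = self.rows.get(path)
            if row is None:
                self.rows[path] = [now, now, digest]
                event = "first_seen"
            else:
                event = "hash_changed" if row[2] != digest else "known"
                row[1], row[2] = now, digest
            result[path] = (event, self.decide(path, mode))
        return result

    def decide(self, path, mode):
        if mode == 1:   # mode 1: kill blacklisted programs, only log new ones
            return "kill" if path in self.blacklist else "log"
        # mode 2: kill everything that is not on the whitelist
        return "allow" if path in self.whitelist else "kill"

    def to_csv(self):
        out = io.StringIO()
        writer = csv.writer(out)
        writer.writerow(["path", "first_seen", "last_seen", "sha256"])
        for path in sorted(self.rows):
            writer.writerow([path, *self.rows[path]])
        return out.getvalue()

def demo():
    # Constructed sample snapshots: paths and image bytes are made up.
    ledger = FirstSeenLedger(whitelist=[r"C:\Windows\explorer.exe"],
                             blacklist=[r"C:\Temp\toolbar.exe"])
    day1 = ledger.observe({r"C:\Windows\explorer.exe": b"build-1",
                           r"C:\Temp\toolbar.exe": b"adware"}, "2009-12-21T10:00", mode=1)
    day2 = ledger.observe({r"C:\Windows\explorer.exe": b"build-2",   # auto-update
                           r"C:\Apps\new.exe": b"unknown"}, "2009-12-22T10:00", mode=2)
    return day1, day2, ledger.to_csv()
```

The `hash_changed` event on a whitelisted path is what an automatic update looks like in this log, which is the case raised in Reply #6; a whitelist keyed only by path still allows the changed file.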
Crush
« Reply #13 on: December 24, 2009, 01:21:56 PM »

A friend tested MCP yesterday on Windows XP Professional. He wasn't able to see any text in the windows. They should be instantly filled with text.
Perhaps someone with XP could load the executable and write some lines about its behaviour?
* MCP.exe (2760 KB - downloaded 265 times.)
« Last Edit: December 26, 2009, 08:59:44 AM by Crush » Logged
Stoic Joker
« Reply #14 on: December 24, 2009, 03:29:24 PM »

XP was VPC which started to ignore mouse input the instant I ran the program. I launched it using keyboard to get the error:

XP = This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem

Win 7 x64 = The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

App Log Source-SideBySide EventID 33

Activation context generation failed for "W:\Documents\= ALL Downloads =\MCP.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Logged
Crush
« Reply #15 on: December 24, 2009, 05:09:46 PM »

Ok, I don't understand the message particularly, but I see something should be loaded and isn't there. So I removed some unused features (ballast), made it more system-friendly and changed the download link of the last post. I hope this version works.
« Last Edit: December 24, 2009, 05:20:02 PM by Crush » Logged
f0dder
« Reply #16 on: December 24, 2009, 05:12:16 PM »

Sounds like vc2008 runtimes are missing on your system?
Logged

- carpe noctem
Crush
« Reply #17 on: December 24, 2009, 05:18:21 PM »

You can download it here.
fodder: You can run it?
Logged
Stoic Joker
« Reply #18 on: December 24, 2009, 06:47:51 PM »

Better, no errors this time (runtimes not needed) ...was fine on Win 7 x64, but got no text in XP.
Logged
Crush
« Reply #19 on: December 24, 2009, 08:15:00 PM »

Stoic Joker: Please install the runtimes (it's not very much) and run it again - perhaps the text becomes visible. Without it the prog is rather useless.
« Last Edit: December 24, 2009, 08:55:35 PM by Crush » Logged
Stoic Joker
« Reply #20 on: December 24, 2009, 09:24:00 PM »

Stoic Joker: Please install the runtimes (it's not very much) and run it again - perhaps the text becomes visible. Without it the prog is rather useless.
Installed the runtimes & still no text. Not sure if it'll help but here's a screenshot of the XP desktop. If it is (supposed to be) using any of the 08 runtime stuff, it doesn't appear to be calling for it.
« Last Edit: December 24, 2009, 09:35:26 PM by Stoic Joker » Logged
f0dder
« Reply #21 on: December 25, 2009, 06:49:27 AM »

It works here...

But ugh, what's with...
  • Themed looks?
  • German text?
  • Draggable menu- and toolbar?
  • Editor-style status bar?

I know this is stuff you get pretty much for free with MFC, but that doesn't make it any less ugly nor superfluous :)

Works fine on my Win7-64bit, on my XP-SP3 vmware it starts with no errors but no text either (I haven't installed VS2008 runtimes there afaik, dunno if it's included with SP3?). Time to check API call return values for errors :P
Logged

- carpe noctem
Tuxman
« Reply #22 on: December 25, 2009, 08:31:55 AM »

German text?
I can perfectly live with that. 8)
Logged

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat
f0dder
« Reply #23 on: December 25, 2009, 09:15:20 AM »

German text?
I can perfectly live with that. 8)
Too bad die drittes reich failed, leaving English as the great uniting language ;)
Logged

- carpe noctem
Tuxman
« Reply #24 on: December 25, 2009, 09:20:53 AM »

In Europe, German is still the primary language of many countries (Germany, Austria, parts of Switzerland, Liechtenstein, Luxemburg, even in the Netherlands they speak German). English is not.
I wonder why these US-American weirdos think that their broken English accent is the one and only global language. Sort of arrogance, I guess.

:P
« Last Edit: December 25, 2009, 09:23:32 AM by Tuxman » Logged

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat