Thread: ApplicationScanner
View Single Post
Old Jun 12th, 2007, 12:59 AM   #1
Wizard1988
Professional Programmer
 
Wizard1988's Avatar
 
Join Date: Oct 2005
Location: Chitown
Posts: 416
Rep Power: 3 Wizard1988 is on a distinguished road
Send a message via AIM to Wizard1988
Lightbulb ApplicationScanner
I currently started working in the ITDepartment at my high school and one of the problems we face is users running applications which they are not supposed to. Some of the applications are blocked using GPO which checks the hash of the executable running. The problem with this is that each version of the blocked application will have a different hash. I put together an application which gets all the active windows and closes them based on the titlebar information. I have attempted writing this in C++ but I faced many problems. C# allowed me to write this in much less time. However it is a managed application and it does take up much more memory. I am looking for constructive criticism, ways to improve and stuff, or if anyone needs a good project they can rewrite this in C++

csharp Syntax (Toggle Plain Text) 
  1. //ApplicationScanner
  2. //Author: Greg Jarzab
  3. using System;
  4. using System.IO;
  5. using System.Text;
  6. using System.Collections;
  7. using System.Runtime.InteropServices;
  8. using Microsoft.Win32;
  9. using System.Threading;
  10.  
  11. namespace ApplicationScanner
  12. {
  13.     public delegate bool CallBack(IntPtr hWnd, int lParam);
  14.  
  15.     class WindowManager
  16.     {
  17.         static string WindowTitle;
  18.         ArrayList BlackListedApps;
  19.         bool done = false;
  20.  
  21.         public WindowManager()
  22.         {
  23.             SystemEvents.SessionEnding += new SessionEndingEventHandler(LoggingOff);
  24.         }
  25.  
  26.         public void GetWindows()
  27.         {
  28.             while (!done)
  29.             {
  30.                 NativeWIN32.EnumWindows(new CallBack(EnummerateWindows), 0);
  31.                 Thread.Sleep(5000);
  32.             }
  33.         }
  34.  
  35.         private void Warn(string title)
  36.         {
  37.             //This is for testing purposes.
  38.             System.Windows.Forms.MessageBox.Show(title + " detected!", "Blocked application has been detected!");
  39.         }
  40.  
  41.         private bool CheckViolations(string current)
  42.         {
  43.             foreach (string ae in BlackListedApps)
  44.             {
  45.                 if (current.ToUpper().Contains(ae.ToUpper()))
  46.                 {
  47.                     Warn(current);
  48.                     return true;
  49.                 }
  50.             }
  51.             return false;
  52.         }
  53.  
  54.         private bool EnummerateWindows(IntPtr hWnd, int lParam)
  55.         {
  56.             if (NativeWIN32.IsWindowVisible(hWnd))
  57.             {
  58.                 int length = NativeWIN32.GetWindowTextLength(hWnd);
  59.                 StringBuilder wt = new StringBuilder(length + 1);
  60.                 int result = NativeWIN32.GetWindowText(hWnd, wt, wt.Capacity);
  61.                 WindowTitle = wt.ToString();
  62.                 if (result > 0)
  63.                 {
  64.                     //System.Windows.Forms.MessageBox.Show("Window Title: " + WindowTitle.ToString());
  65.                     if (CheckViolations(WindowTitle.ToString()))
  66.                     {
  67.                         NativeWIN32.SendMessage(hWnd, NativeWIN32.WM_SYSCOMMAND, NativeWIN32.SC_CLOSE, 0);
  68.                     }
  69.                 }
  70.             }
  71.             return true;
  72.         }
  73.  
  74.         public bool LoadBlackList(string path)
  75.         {
  76.             BlackListedApps = new ArrayList();
  77.             StreamReader file = new StreamReader(path);
  78.             string line;
  79.  
  80.             while ((line = file.ReadLine()) != null)
  81.             {
  82.                 BlackListedApps.Add(line);
  83.             }
  84. 			file.Close();
  85.             return true;
  86.         }
  87.  
  88.         private void LoggingOff(object sender, SessionEndingEventArgs e)
  89.         {
  90.             done = true;
  91.             System.Windows.Forms.MessageBox.Show("Logging off");
  92.         }
  93.     }
  94.  
  95.     class NativeWIN32
  96.     {
  97.         public const int WM_SYSCOMMAND = 0x0112;
  98.         public const int SC_CLOSE = 0xF060;
  99.  
  100.         [DllImport("user32.dll")]
  101.         public static extern int EnumWindows(CallBack cb, int lParam);
  102.         [DllImport("user32.dll")]
  103.         public static extern int GetWindowText(IntPtr hWnd, StringBuilder s, int MaxCount);
  104.         [DllImport("user32.dll")]
  105.         public static extern int GetWindowTextLength(IntPtr hWnd);
  106.         [DllImport("user32.dll")]
  107.         public static extern int SendMessage(IntPtr hWnd, uint Msg, int wParam, int lParam);
  108.         [DllImport("user32.dll")]
  109.         public static extern bool IsWindowVisible(IntPtr hWnd);
  110.         [DllImport("user32.dll")]
  111.         public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
  112.         [DllImport("kernel32.dll")]
  113.         public static extern IntPtr GetConsoleWindow();
  114.     }
  115. }

csharp Syntax (Toggle Plain Text) 
  1. using System;
  2. using System.Text;
  3. using System.Threading;
  4. using ApplicationScanner;
  5.  
  6. public class Monitor
  7. {
  8.     public static void Main()
  9.     {
  10.         WindowManager wm = new WindowManager();
  11.         wm.LoadBlackList(@"C:\Blocked.txt");
  12.  
  13.         IntPtr handle = NativeWIN32.GetConsoleWindow();
  14.         NativeWIN32.ShowWindow(handle, 0);
  15.         wm.GetWindows();
  16.     }
  17. }

I hope you guys like it
__________________
JG-Webdesign
Last edited by Wizard1988; Jun 12th, 2007 at 1:51 AM.
Wizard1988 is online now   Reply With Quote