thomas Newbie
Joined: 15 Jan 2003 Posts: 23 Location: Germany
Posted: Mon Nov 17, 2003 3:40 pm Post subject: kill Tasks that have no window shown
Hello,
first I want to check if a task (application) is started. This task has no active window, so the function @winactive does not work for this.
As a second step I want to kill this task from a VDS script. One solution is to use kill.exe or tskill.exe from the Windows system, but I am looking for a solution in VDS.
Does anybody know a solution with VDS 4 or 5?
Thanks
Thomas
chucks0 Newbie
Joined: 08 Jun 2002 Posts: 23
Posted: Mon Nov 17, 2003 3:56 pm
Here is a script that we use that constantly monitors the computer for prohibited applications.
Code:
#-----------------------------------------------------------------------------#
# #
# TaskMon.dsc - Script to monitor running processes and kill prohibited #
# applications. Checks both process name and original filenames. #
# #
# Author: Charles W. Hucks #
# Date: 11-06-2003 #
# Last Modification: 11-11-2003 #
# #
#-----------------------------------------------------------------------------#
OPTION ERRORTRAP,ErrorHandler
#define command,GetForbidden
#define command,GetProcs
#define command,KillProcs
#define command,KillRunning
IF @NOT(@NULL(%1))
  GOTO StartupParams
END
WAIT 10
GetForbidden
%j = 0
:CheckProcs
  GetProcs
  KillProcs
  WAIT 30
  %j = @succ(%j)
  IF @NOT(@EQUAL(%j,10))
    GOTO CheckProcs
  END
  RUN @SHORTNAME(%0)
EXIT
#-----------------------------------------------------------------------------#
# GetForbidden - Command to create list of denied applications. #
#-----------------------------------------------------------------------------#
:GetForbidden
  LIST CREATE,1
  LIST LOADFILE,1,@SHORTNAME(@PATH(%0))@NAME(%0).all
  IF @GREATER(@POS(STUDENTS,@REGREAD(LOCAL,SYSTEM\CurrentControlSet\Services\NetwareWorkstation\Parameters\Trees,RICHLAND2)),0)
    LIST CREATE,2
    LIST LOADFILE,2,@SHORTNAME(@PATH(%0))@NAME(%0).stu
    LIST APPEND,1,2
    LIST CLOSE,2
  END
  %i = 0
  WHILE @GREATER(@COUNT(1),%i)
    LIST SEEK,1,%i
    PARSE "%%ProcName;%%Desc",@ITEM(1)
    LIST PUT,1,%%ProcName
    %i = @SUCC(%i)
  WEND
EXIT
#-----------------------------------------------------------------------------#
# GetProcs - Command to create list of all running processes. #
#-----------------------------------------------------------------------------#
:GetProcs
  LIST CREATE,5
  LIST CREATE,9
  LIST TASKLIST,5,NI
  %i = 0
  WHILE @GREATER(@COUNT(5),%i)
    LIST SEEK,5,%i
    PARSE "%%ProcName;%%ProcID",@ITEM(5)
    LIST MODULES,9,%%ProcID
    IF @GREATER(@COUNT(9),0)
      LIST PUT,5,%%ProcName|@VERINFO(@ITEM(9,0),N)|%%ProcID
    ELSE
      LIST PUT,5,%%ProcName|%%ProcName|%%ProcID
    END
    LIST CLEAR,9
    %i = @SUCC(%i)
  WEND
  LIST CLOSE,9
EXIT
#-----------------------------------------------------------------------------#
# KillProcs - Command to kill running processes that are not allowed. #
#-----------------------------------------------------------------------------#
:KillProcs
  %i = 0
  WHILE @GREATER(@COUNT(5),%i)
    LIST SEEK,1,0
    LIST SEEK,5,%i
    PARSE "%%ProcName;%%OrigName;%%ProcID",@ITEM(5)
    IF @MATCH(1,%%ProcName)
      KILLTASK %%ProcID
    ELSIF @MATCH(1,%%OrigName)
      KILLTASK %%ProcID
    END
    %i = @SUCC(%i)
  WEND
  LIST CLOSE,5
EXIT
#-----------------------------------------------------------------------------#
# StartupParams - Routine to process startup parameters. #
#-----------------------------------------------------------------------------#
:StartupParams
  IF @BOTH(@EQUAL(%1,INSTALL),@NOT(@EQUAL(@PATH(%0),@WINDIR()\)))
    KillRunning
    %%SourceFile = @SHORTNAME(@PATH(%0))@NAME(%0)
    %%TargetFile = @WINDIR()\@NAME(%0)
    FILE COPY,%%SourceFile.exe,%%TargetFile.exe
    FILE COPY,%%SourceFile.all,%%TargetFile.all
    FILE COPY,%%SourceFile.stu,%%TargetFile.stu
    FILE SETATTR,%%TargetFile.exe,HSR
    FILE SETATTR,%%TargetFile.all,HSR
    FILE SETATTR,%%TargetFile.stu,HSR
    FILE COPY,@SHORTNAME(@PATH(%0))vdsrun50.dll,@WINDIR()\SYSTEM32\vdsrun50.dll
    IF @EQUAL(%2,ENABLE)
      REGISTRY WRITE,LOCAL,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,TaskMon,TaskMon.exe
      RUN %%TargetFile.exe
    END
  ELSIF @EQUAL(%1,SHUTDOWN)
    KILLTASK @NAME(%0).@EXT(%0)
  ELSIF @EQUAL(%1,DISABLE)
    REGISTRY DELETE,LOCAL,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,TaskMon
  ELSIF @EQUAL(%1,UNINSTALL)
    %%TargetFile = @WINDIR()\@NAME(%0)
    KillRunning
    REGISTRY DELETE,LOCAL,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,TaskMon
    FILE DELETE,%%TargetFile.exe
    FILE DELETE,%%TargetFile.all
    FILE DELETE,%%TargetFile.stu
  END
STOP
#-----------------------------------------------------------------------------#
# KillRunning - Command to kill all previous copies of script in ram. #
#-----------------------------------------------------------------------------#
:KillRunning
  LIST CREATE,5
  LIST CREATE,9
  LIST TASKLIST,5,NI
  %i = 0
  WHILE @GREATER(@COUNT(5),%i)
    LIST SEEK,5,%i
    PARSE "%%ProcName;%%ProcID",@ITEM(5)
    LIST MODULES,9,%%ProcID
    IF @BOTH(@GREATER(@COUNT(9),0),@EQUAL(%%ProcName,@NAME(%0).@EXT(%0)))
      IF @NOT(@EQUAL(@SHORTNAME(@ITEM(9,0)),@SHORTNAME(%0)))
        KILLTASK %%ProcID
      END
    END
    LIST CLEAR,9
    %i = @SUCC(%i)
  WEND
  LIST CLOSE,9
  LIST CLOSE,5
EXIT
:ErrorHandler
STOP
Several things to mention about the script.
1. The denied lists are saved as text files in the same directory as the compiled script. They should be named filename.stu and filename.all where filename is the name of the exe file you saved the script as. The files themselves contain one record on each line with
process.exe|Description of process.
2. In our environment, we wanted a list for all users as well as a separate list for students. Thus the two lists. You could easily modify the code if you wanted only one list.
3. The script is set to automatically shut down after 10 polling cycles and restart. The reason for this is a small memory leak in the LIST MODULES procedure which causes the program to consume more and more memory after each loop. This bug has been reported to VDS and should be fixed.
If you have any questions, let me know and I'll try and help.
Charles
Post has been changed by an administrator to use the [code:1:b508b49b3b] tag to increase readability
vdsalchemist Admin Team

Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
Posted: Mon Nov 17, 2003 4:35 pm
Hi All,
Well it's pretty cool that you are using VDS for this but I have to ask. Why didn't you just use Policy Editor and make a security policy to control what the user has access to?
chucks0 Newbie
Joined: 08 Jun 2002 Posts: 23
Posted: Mon Nov 17, 2003 5:45 pm
Two reasons:
1. Using the Windows tools, if you add notepad.exe to the disallowed application list, all a user has to do is rename it to something.exe and it will work. My script traces back to the file that was launched and looks at the "original name" attribute to see if the file was renamed.
2. Easier to update.
Charles
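The rename check described in the thread (compare both the running image name and the version resource's "original name" against the deny list), as an added PowerShell example that is not part of the thread and is not the TaskMon script. It only reports matches; the deny-list entries are constructed and the variable names are illustrative.

```powershell
# Added example: report (do not kill) processes that match a deny list either
# by image name or by the OriginalFilename in the file's version resource.

# Constructed deny list in the thread's "process.exe|Description" format.
$denyLines = @(
    'notepad.exe|Text editor (constructed entry)'
    'sol.exe|Card game (constructed entry)'
)

# @{} hashtables compare string keys case-insensitively.
$deny = @{}
foreach ($line in $denyLines) {
    $name, $desc = $line -split '\|', 2
    $deny[$name.Trim()] = $desc
}

$hits = foreach ($p in Get-Process) {
    $path = $p.Path   # empty when the process cannot be opened
    if ($path) { $image = Split-Path -Leaf $path } else { $image = "$($p.ProcessName).exe" }

    $orig = $null
    if ($path) {
        try { $orig = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path).OriginalFilename }
        catch { $orig = $null }
    }
    # Some Windows binaries may report the name with a trailing ".MUI"; drop it.
    if ($orig) { $orig = $orig -replace '\.mui$', '' }
    # Same fallback as the script: no version info -> use the image name.
    if ([string]::IsNullOrWhiteSpace($orig)) { $orig = $image }

    $key = $null
    if ($deny.ContainsKey($image)) {
        $key = $image; $matchedOn = 'ProcessName'
    } elseif ($deny.ContainsKey($orig)) {
        $key = $orig; $matchedOn = 'OriginalFilename'   # running under another file name
    }
    if ($key) {
        [pscustomobject]@{
            Id = $p.Id; Image = $image; OriginalFilename = $orig
            MatchedOn = $matchedOn; Description = $deny[$key]
        }
    }
}
$hits | Format-Table -AutoSize
```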