How do you control other application using C#

Question

0.00/5 (No votes)

See more:

you see I work at a school as IT support and I have come up with an idea on how to report attempts to tamper with the computers. What I want is a way to handle a process. For example.

A student opens cmd and my application handles that process and runs “sysadmin.exe message” which will display a message reporting to cmd access to myself and I will tell the head.

What I have tried:

I have tried Selecting the process then trying to redirect input but with no success. I can detect if it’s open but I want to write a message to them in that process. I don’t want to have to close and start up again.

Posted 27-Jan-19 10:47am

WOLF 2018

Updated 28-Jan-19 5:24am

Add a Solution

Comments

Dave Kreskowiak 27-Jan-19 20:27pm

Why would you want to be notified every time CMD.EXE is run? That happens more than you know and not just when a user launches it. It's also not a sign of tampering on the machine.

WOLF 2018 28-Jan-19 2:46am

I know but I want to scare them a bit lol. As I thought them seeing that cmd is telling them not to use it is more fun.

Dave Kreskowiak 28-Jan-19 9:33am

You don't have a remote method of doing that. You would have to write an app that is installed on the machines ahead of time and runs when the users log in. The app would then run as the user that logged in.

It would have to monitor process creation, looking for instance of CMD.EXE, then it could display a dialog box with your warning.

Keep in mind, this now makes YOU the one tampering with the machines.

WOLF 2018 28-Jan-19 16:46pm

I use task Scheduler and run as admin and not just that the process protects itself because if you close it you will get a BSOD.

Dave Kreskowiak 28-Jan-19 17:02pm

Your approach to protecting the app results in an unstable machine, loss of users data, and possible corruption of the drives.

And you're worried about OTHER people "tampering" with the machine?

WOLF 2018 28-Jan-19 18:41pm

Well it only happens if the process gets closed by force. I make a client to talk to it and I can close it though that and it won’t cause a BSOD. And with the power to stop access to power shell as well.

WOLF 2018 28-Jan-19 18:44pm

Can’t have students try and access things they shouldn’t. Plus I am working on scanning USBs using VirusTotal api. That will stop them trying to install malware on the computer.

Dave Kreskowiak 28-Jan-19 19:52pm

There are much easier methods to do this other than writing a bunch of code.

Policies, policies, policies.

pdoxtader 28-Jan-19 11:14am

Dave is absolutely correct. Another thing to consider is that depending on how computer savvy your students are, they may just open task manager and kill your watchdog application. A much better solution has been offered by Ravi below. Just deny access to any windows features that you want to restrict using Group Policy Editor. That's the correct way to handle this, and it's what admins in other schools or libraries do.

WOLF 2018 28-Jan-19 16:37pm

Not true I have disabled task manager and if the watchdog closes the company will go to a blue screen of death.

pdoxtader 28-Jan-19 16:48pm

Really. All of that just to scare them a little bit?

I don't think anyone here is going to help you hack or hijack the windows command interpreter, once they realize that's what you're trying to do.

WOLF 2018 28-Jan-19 18:57pm

No I am not trying to do anything malicious. I am trying to show them a message in they open process. Ps. If I do find a way. I can really do the matrix thing at home to my friend. You know when he opens cmd write “hello neo” and then “follow the white rabbit” as a bit of a joke for him.

2 solutions

Solution 1

To disable access to CMD.EXE (and in general control what a user can and cannot do), you should instead use the Group Policy Editor[^].

/ravi

Posted 27-Jan-19 15:46pm

Ravi Bhavnani

Comments

WOLF 2018 28-Jan-19 2:50am

As I said I need a method of inputting information into cmd when run by user that way I can give them a scare and let them know I am watching.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Accepted Answer · 2019-01-28T05:25:00

If you control the PC, then the simplest option would probably be to use the Image File Execution Options registry key:
An Introduction to Image File Execution Options - Malwarebytes Labs | Malwarebytes Labs[^]
registry - Set "Image File Execution Options" will always open the named exe file as default - Stack Overflow[^]

NB: Since this technique is often abused by malware, your antivirus might flag this as an unknown virus.

You also need to be very careful, since it's possible to break your OS with this technique.
Beware the Image File Execution Options key – The Old New Thing[^]