Asmonta

Reputation: 31

Prevent application from opening

I'm writing an app in C# to prevent some executable files from opening. My app will detect the opening of a selected executable file and show a message box to let the user choose whether to run it or not.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="calc.exe"


I have used the above method from this topic, but it will block all executable files with that name from any path. What I want is to block only executable files on a flash drive or in a specified path.

Example: I selected that my program will show a message box when "a.exe" in drive F:/ is opening. If I use the method in the referenced topic, it will block all "a.exe" in any path like "C:/a.exe", "D:/a.exe" or "F:/a.exe", but I want it to block only a.exe in F:/, not in other paths or drives.

Any idea for this?

Thanks a lot.


Additional information:

An easy way to understand this question is: I want my program to block some exe in a specified path. When the user tries to open the specified exe, my app will block it and show a message box to alert the user. If the user clicks "No", the specified exe will not run, but if the user clicks "Yes", the specified exe will run normally.

This will work like antivirus software: when a user accidentally runs a virus file, the antivirus will block it and show a message asking the user whether he still wants to run it or not.

Upvotes: 3

Views: 2774

Answers (1)

idipous

Reputation: 2910

I have a similar point in a blog article where I try to detect the creation and destruction of a process instance. For this I use ManagementEventWatcher and this class uses queries like

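// Requires a reference to System.Management.
using System.Management;

internal ManagementEventWatcher WatchForProcessStart(string ProcessName)
{
    // Poll every 2 seconds for newly created Win32_Process instances with this image name.
    // The single quote is escaped so the name cannot terminate the WQL string literal.
    string Query = "SELECT TargetInstance" +
        " FROM __InstanceCreationEvent WITHIN 2" +
        " WHERE TargetInstance ISA 'Win32_Process'" +
        " AND TargetInstance.Name = '" + ProcessName.Replace("'", "\\'") + "'";
    // Local machine, default CIM namespace.
    string Scope = "\\\\.\\root\\CIMV2";
    ManagementEventWatcher Watcher = new ManagementEventWatcher(Scope, Query);
    Watcher.Start();
    return Watcher;
}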

The scope is a ManagementScope instance which can be manipulated for your purposes, as seen at MSDN:

ManagementScope scope = 
        new ManagementScope(
        "\\\\FullComputerName\\root\\cimv2");
scope.Connect();

I hope this helps you a bit. More information

http://msdn.microsoft.com/en-us/library/system.management.managementscope.aspx

http://www.idipous.net/how-to-monitor-proccess-creation-with-c/

Upvotes: 2
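
An added example, not part of idipous's answer or blog code: the path restriction asked for in the question can be applied to the WMI watcher by checking `Win32_Process.ExecutablePath` in the event handler. The class name, `IsUnder` helper and callback are hypothetical; `a.exe` and `F:\` are the question's own sample values. The event arrives after the process already exists (the query polls every 2 seconds), so this detects a launch from the watched path rather than preventing it.

```csharp
using System;
using System.IO;
using System.Management; // add a reference to System.Management

static class PathScopedProcessWatcher // hypothetical name, not from the page
{
    // Escape backslashes and single quotes so the name stays inside the WQL string literal.
    static string EscapeWql(string value) =>
        value.Replace("\\", "\\\\").Replace("'", "\\'");

    // True when exePath lies under root; comparison is case-insensitive, as Windows paths are.
    internal static bool IsUnder(string exePath, string root)
    {
        if (string.IsNullOrEmpty(exePath)) return false; // ExecutablePath can be null (access denied)
        string full = Path.GetFullPath(exePath);
        string prefix = Path.GetFullPath(root).TrimEnd('\\') + "\\";
        return full.StartsWith(prefix, StringComparison.OrdinalIgnoreCase);
    }

    internal static ManagementEventWatcher Watch(string processName, string root,
                                                 Action<uint, string> onMatch)
    {
        string query =
            "SELECT TargetInstance FROM __InstanceCreationEvent WITHIN 2 " +
            "WHERE TargetInstance ISA 'Win32_Process' " +
            "AND TargetInstance.Name = '" + EscapeWql(processName) + "'";
        var watcher = new ManagementEventWatcher(@"\\.\root\CIMV2", query);
        watcher.EventArrived += (sender, e) =>
        {
            var proc = (ManagementBaseObject)e.NewEvent["TargetInstance"];
            string path = proc["ExecutablePath"] as string;
            if (IsUnder(path, root))            // C:\a.exe and D:\a.exe are ignored
                onMatch((uint)proc["ProcessId"], path);
        };
        watcher.Start();
        return watcher;
    }

    static void Main()
    {
        // Sample values taken from the question: a.exe started from drive F:.
        using (var w = Watch("a.exe", @"F:\", (pid, path) =>
            Console.WriteLine("Started from watched path: {0} (PID {1})", path, pid)))
        {
            Console.WriteLine("Watching; press Enter to stop.");
            Console.ReadLine();
            w.Stop();
        }
    }
}
```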
