如何停止应用程序执行
我正在开发一个项目,以防止从可移动设备启动应用程序。 有谁知道我该怎么做?最好是 Windows 平台上的 C++。
我的目标是防止执行 exe 文件,即使用户双击它或者即使他尝试从命令行启动它。
I am working on a project to prevent applications from being launched from removable devices.
Does anyone out there know how i can do this? Preferrably in C++ on the Windows platform.
My aim is to prevent execution of the exe file even if the user double clicks it or even if he tries to launch it from the command line.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
假设您希望停止从可移动驱动器启动的任何进程,这似乎是 shell 挂钩的应用程序。我在过去的半小时内编写了以下代码,并且似乎测试正常。请记住,编写挂钩是一个不平凡的过程,全局挂钩需要编写 DLL。这是钩子 DLL 的相关内容:
我已经测试了这段代码,从一个简单的对话框测试台安装,它允许我从我的硬盘驱动器启动任何窗口应用程序,但立即关闭我从 USB 密钥启动的任何应用程序。
请注意,此解决方案适用于所有 GUI 进程(即非控制台),但要求它们响应顶级窗口上的 WM_CLOSE。更激进的通用解决方案可能需要您将 hwnd 解析为 hprocess 并调用 TerminateProcess:我提供的解决方案更“友善”(链接的 DLL 将被卸载等),但不太通用。
如果您想了解编写系统范围挂钩的基础知识,可以在我的网站 上找到它们在这里。请注意,上面的代码不是生产质量的代码,我将其侵入了我现有的旧 ANSI dll 中,因此缺乏对 Unicode 的支持,或任何接近体面的调试功能的支持。但它显示了基本思想。
Assuming that you wish to stop ANY process launching from a removable drive, this seems to be an application for a shell hook. I wrote the following code over the last half-hour, and it seems to test out OK. Bear in mind that writing a hook is a non-trivial process, and a global hook requires that a DLL be written. This is the relevant guts of the hook DLL:
I have tested this code, installed from a simple dialog testbed, and it allows me to launch any windowed application from my hard drive, but immediately closes any I launch from a USB key.
Note that this solution works for all GUI processes (i.e. non-console), but requires that they respond to WM_CLOSE on a top-level window. A more aggressive general solution would probably require you to resolve the hwnd into a hprocess and call TerminateProcess: the solution I have provided is "kinder" (linked DLLs will get unloaded etc), but less general.
If you want to know the basics of writing a system-wide hook, you can find them on my website here. Note that the above isn't production-quality code, I hacked it into an old ANSI dll I had laying around, hence the lack of support for Unicode, or anything approaching decent debug capability. It shows the basic idea though.
您的网络管理员可以处理这个问题,而无需您编写任何代码。我们在这里实现了完全相同的事情,以防止员工将客户的私人信息复制到可移动设备的可能性,并且网络管理员自己实现了它,而我们开发部门不需要做任何事情。我不知道这是否适合你的情况,但值得考虑。
Your network admin can take care of that without you needing to write any code. We implemented exactly that same thing here to prevent the possibility of employees copying customers private information to removable devices and the network admin implemented it himself without us here in the dev dept needing to do anything. I don't know if that would work in your situation but it's worth considering.
如果当前磁盘类型是可移动设备,您可以编写从 Main 方法返回的代码片段。
调用 GetCurrentDirectory 拆分磁盘名称并使用 WMI(这 可以提供帮助),甚至更好 GetDriveType(这个可以在这里提供帮助)了解它是否在可移动磁盘上的方法
You can write snippet that returns from Main method if the current disk type is removable device.
Call GetCurrentDirectory split disk name and use WMI(this can help) or even better GetDriveType(this can help here) method to know is it on removable disk or not
在我看来,您正在寻找一种通用方法来阻止从已运行的应用程序从设备上启动任何应用程序。
所以本质上是三个问题:
1. 检测新应用程序已开始
2. 检查运行的设备类型
3. 如果您不想要它,则强制应用程序终止
第 1 部分:这是一个困难的部分,我认为您需要使用 EnumProcess 定期进行轮询,这不是很好,或者只是检查生成 WM_ACTIVATEAPP 的应用程序
第 2 部分:ArsenMkrt 的解决方案似乎适合第
3 部分:TerminateProcess 应该为您做这件事
Seems to me you are looking for a generic way to stop any app being launched off the device from an application that is already running.
So essentially three issues:
1. Detecting the new application has started
2. Checking what type of device it is running off
3. Forcing the app to die if you don't want it
Part 1: This is the difficult party I think you need to either poll on a regular basis using EnumProcess which isn't great or just check applications which generate a WM_ACTIVATEAPP
Part 2: ArsenMkrt's Solution seems appropriate for this
Part 3: TerminateProcess should do it for you