Retrictrun.exe

GovernmentSecurity.org > The Archives > Public Downloads

usch

Sep 22 2004, 12:53 PM

hi guys

well i am not that coding guru so i thought a long time:
what tool can i code with my low skills that is at least a bit useful ?

my idea is related to this thread
http://www.governmentsecurity.org/forum/in...showtopic=11249

CODE

-+----RestrictRun----+-

code by : usch

description:
restrictrun is a tool that can restrict programs from running
by adding entries to the registry as described here :
http://www.winguides.com/registry/display.php/969/

u can use it to prevent a virus on your system from running.

note:1. you need to reboot for changes to take effect!
2. DONT restrict important files like explorer or regedit.exe!
i didnt test it but it could cause serious problems!

usage:

RestrictRun.exe <filename>

greets to:

br0mstar,Pip,x0x, codelinx.net and coding-board.de for helping me with the code alttough its not a big and difficult one;)

all the guys at #gso-chat and those who contribute to govsec.org

contact: quantum IRC #gso-chat usch

if u want the source code for research,further development etc...
PM me or query me at #gso-chat

DOWNLOAD: http://mitglied.lycos.de/uschibergmann/RestrictRun.rar
right click>save as
well i hope this tool will be useful 4 you

yours
usch

Antil

Sep 22 2004, 01:25 PM

maybe your first tool..but a damn good one m8

nice job, will test a bit around with it

andydis

Sep 22 2004, 01:33 PM

QUOTE

u can use it to prevent a virus on your system from running.

or restict the actual anti-virus from running, depends what side you look at it :-)

iLLuSioN

Sep 22 2004, 06:19 PM

nice job , 1st one and its a good one keep up the work .

passi

Sep 22 2004, 06:23 PM

Well done. It's a very useful tool :>

I try to prevent some firewalls to be executed when trying to own a machine :>

Serhat

Sep 22 2004, 08:24 PM

Nice thinking m8

here is a mirror
http://yourmother.thefreebizhost.com/RestrictRun.rar

Serhat

hidden

Sep 22 2004, 09:23 PM

thx man for ur tool i ll try it and hope it's to be continued

thx again

usch

Sep 22 2004, 10:46 PM

well, i decided to release the code :=)
here it is

CODE

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <string.h>
HKEY hkey;

int STRING = 0x1;
int main(int argc, char *argv[])
{
RegCreateKey(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", &hkey);
RegSetValueEx(hkey,
"DisallowRun",
0,
REG_DWORD,
(LPBYTE)&STRING,
sizeof(STRING));

// RegCloseKey(hkey);
if(argc == 2)
{

RegCreateKey(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun", &hkey);
RegSetValueEx(hkey,
argv[1],
0,
REG_SZ,
(LPBYTE)argv[1],
strlen(argv[1]));

RegCloseKey(hkey);

}
else
{
printf("&----------------------------------------------& \n");
printf("| RestrictRun | \n");
printf("& by usch & \n");
printf("| | \n");
printf("& #gso-chat at quantum & \n");
printf("| | \n");
printf("&----------------------------------------------& \n\n");

printf(" Usage: RestrictRun.exe <exefile> \n");
return 0;
}
}

and thanks to all for your positive replies, theyre a very good motivation

yours

usch

MxMx

Sep 23 2004, 07:43 AM

prevent ftp.exe tftp.exe and rcp.exe from running

h3llraz0r

Sep 24 2004, 02:14 AM

great work on this tool usch. simple yet powerful and useful.

Carlos

Sep 24 2004, 03:36 AM

heh a nice way to kill ad-ware or spy-ware too. many uses, good start mate, thnx.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.