[usch]

hi guys

well i am not that coding guru so i thought a long time:
what tool can i code with my low skills that is at least a bit useful ?

my idea is related to this thread
http://www.governmen...showtopic=11249

-+----RestrictRun----+-

code by : usch

description:
	restrictrun is a tool that can restrict programs from running 
	by adding entries to the registry as described here : 
	http://www.winguides.com/registry/display.php/969/

	u can use it to prevent a virus on your system from running.

	note:1. you need to reboot for changes to take effect!
      2. DONT restrict important files like explorer or       regedit.exe!	
      i didnt test it but it could cause serious problems!


usage:

	RestrictRun.exe <filename>


greets to:
	
	br0mstar,Pip,x0x, codelinx.net and coding-board.de for helping  me with the code alttough its not a big and difficult one;)

	all the guys at #gso-chat and those who contribute to  govsec.org


contact: quantum IRC #gso-chat usch

if u want the source code for research,further development etc...
PM me or query me at #gso-chat


DOWNLOAD: http://mitglied.lyco...RestrictRun.rar
right click>save as
well i hope this tool will be useful 4 you


yours
usch

[Antil]

maybe your first tool..but a damn good one m8 B)

nice job, will test a bit around with it

[andydis]

Quote

u can use it to prevent a virus on your system from running.

or restict the actual anti-virus from running, depends what side you look at it :-)

[iLLuSioN]

nice job , 1st one and its a good one keep up the work .

[passi]

Well done. It's a very useful tool :>

I try to prevent some firewalls to be executed when trying to own a machine :>

[Serhat]

Nice thinking m8 :)
here is a mirror
http://yourmother.th...RestrictRun.rar

Serhat

[hidden]

thx man for ur tool i ll try it and hope it's to be continued ;) thx again

[usch]

well, i decided to release the code :=)
here it is

#include <stdio.h>
 #include <stdlib.h>
 #include <windows.h>
 #include <string.h>
 HKEY hkey;

 int STRING = 0x1;
 int main(int argc, char *argv[])
 {
      RegCreateKey(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", &hkey); 
	RegSetValueEx(hkey,
      "DisallowRun",
      0,
      REG_DWORD,
      (LPBYTE)&STRING,
      sizeof(STRING));

//	RegCloseKey(hkey);
 if(argc == 2)
 {

	RegCreateKey(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun", &hkey); 
	RegSetValueEx(hkey,
      argv[1],
      0,
      REG_SZ,
      (LPBYTE)argv[1],
      strlen(argv[1]));

	RegCloseKey(hkey);

 }   
else
{
 printf("&----------------------------------------------& \n");
printf("|                 RestrictRun                  | \n");
printf("&                  by usch                     & \n");
printf("|                                              | \n");
printf("&            #gso-chat at quantum              & \n");
printf("|                                              | \n");
printf("&----------------------------------------------& \n\n");

printf("  Usage: RestrictRun.exe <exefile> \n");        
   return 0;
 }
}

and thanks to all for your positive replies, theyre a very good motivation

yours

usch

[MxMx]

prevent ftp.exe tftp.exe and rcp.exe from running B)

[h3llraz0r]

great work on this tool usch. simple yet powerful and useful.

[Carlos]

heh a nice way to kill ad-ware or spy-ware too. many uses, good start mate, thnx.