• Process Killing with C or C++
    15 replies, posted
Hi guys I need some help with a little problem at school. People are using torrent downloading clients like µTorrent to download pirated material and because the IT stuff are lazy the teachers don't let us work at lunch which annoys the hell outta me. To fix this problem I have tried to make a background program to kill the "uTorrent.exe" process if someone was to run it but with little to no knowledge in C or C++ I didn't get very far. We run WinXP 32 on most of the machine but do have one Win7 and 2 Win8 running with bootcamp I'd much appreciate the help. I don't have money to spend on a programmer (Sorry :\)
This isn't really going to work the kid will just rename uTorrent.exe and it will change the process name, stuff like this should really be blocked at a network level.
[QUOTE=Baig Flawless;39967392]This isn't really going to work the kid will just rename uTorrent.exe and it will change the process name, stuff like this should really be blocked at a network level.[/QUOTE] uTorrent runs on random ports :\
Just block the torrent protocol/a lot of popular trackers
-snip- Edit: Meh. Didn't read OP carefully enough. Either way, unsnip: To identify it, you could get the assembly information or some form of signature/identifier, and kill the process almost like an antivirus would... Not overkill.
They solved it at my college by slowing down torrent traffic (QOS?)
So what is the best solution for blocking people from torrenting.
I dont know the code right now as I am at work, but I can put it together later.. Easiest way to do it with code, is to grab a newly run .exe check what the 'title' of the app is through winAPI, if its == to "uTorrent.exe" then kill the process.... no kids will be able to Hex Edit the title in the .exe, and if they could, then you would need a different strategy
[QUOTE=Pugzii;39967728]I dont know the code right now as I am at work, but I can put it together later.. Easiest way to do it with code, is to grab a newly run .exe check what the 'title' of the app is through winAPI, if its == to "uTorrent.exe" then kill the process.... no kids will be able to Hex Edit the title in the .exe, and if they could, then you would need a different strategy[/QUOTE]If you can I'd much appreciate that :)
Use Autohotkey
If they have a decent router/firewall they can likely block internet traffic by protocol, or just block trackers as Mega1mpact suggested. Much simpler than trying to constantly kill the executable, and if they were to boot into another operating system stored on a flash drive or CD, they could then torrent anyways.
ur gone have a hardtime blocking every single torrenting application. Filter the bittorent protocol in the routers, Or find a huge list of trackers and block those.
While they might be clever enough to change the filename, they won't be clever enough to either re-compile or alter the PECOFF to change the window title. So the technique should be to create a program which stores the probable window titles for various torrent programs, call FindWindow on each possible name, calls GetWindowThreadProcessId to get the process id, then OpenProcess with the process id and PROCESS_TERMINATE access rights, and finally TerminateProcess to close the bugger (you can call WaitForSingleObject to wait for the process to terminate). And, for good measure, I recommend calling MessageBeep(0xFFFFFFFF) between each function call, just to let them know for sure you're on to them.
[QUOTE=nfries88;39984209]While they might be clever enough to change the filename, they won't be clever enough to either re-compile or alter the PECOFF to change the window title. So the technique should be to create a program which stores the probable window titles for various torrent programs, call FindWindow on each possible name, calls GetWindowThreadProcessId to get the process id, then OpenProcess with the process id and PROCESS_TERMINATE access rights, and finally TerminateProcess to close the bugger (you can call WaitForSingleObject to wait for the process to terminate). And, for good measure, I recommend calling MessageBeep(0xFFFFFFFF) between each function call, just to let them know for sure you're on to them.[/QUOTE] Which is what I said :)
Well thank you for all the helpful posts every one I will ask IT if they have tried to block the protocol. I only have access to student accounts and systems :\
[QUOTE=Nipah;39990489]Well thank you for all the helpful posts every one I will ask IT if they have tried to block the protocol. I only have access to student accounts and systems :\[/QUOTE] Then your fix won't really help, because you have no method to deploy it.
Sorry, you need to Log In to post a reply to this thread.