有没有办法识别Windows命令提示符,无论文件名或位置? [英] Is there a way to identify the Windows command prompt regardless of file name or location?
问题描述
我正在编写一个程序,当用户运行命令提示符(如果可能的话,regedit)立即跟踪和杀死。这是为了阻止用户运行命令,我宁愿他们没有。
I'm writing a program to immediately track and kill when a user runs command prompt (and regedit if that's possible). This is to stop users from running commands I would rather they not have.
我已经写了一个代码,看到一个进程启动时,并使用QueryFullProcessImageName检查其名称。问题是,如果有人重命名命令提示符,然后我不能再通过进程名检测它。我检测命令提示符的方式是当前\cmd.exe,但显然这不是很安全。
I've already written code that sees when a process is launched and checks its name using QueryFullProcessImageName. The issue is that if someone were to rename command prompt then I could no longer detect it via process name. The way I detect command prompt is currently "\cmd.exe" but clearly this is not very secure.
下面是我为代码。我删除所有错误检查为简洁。如果您需要更清楚,请告诉我。谢谢!
Posted below is what I have for the code. I removed all error checking for brevity. Please let me know if you need more clarity. Thanks!
TCHAR exeName[MAX_PATH];
DWORD exeNameSize = MAX_PATH;
//the pid comes into the function as a parameter
HANDLE handle = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, 0, pid);
if (handle)
{
if (QueryFullProcessImageName(handle, 0, exeName, &exeNameSize))
{
tstring name = exeName;
/*
badProcs would contain the path identifiers such as
"\\cmd.exe" or "\\regedit.exe". This detection is
what I want to make better.
*/
for(int i=0; i < badProcs.size(); i++)
{
if(tstring::npos != name.find(badProcs.at(i)))
{
if(TerminateProcess(handle,0))
OutputDebugString(_T("Process should be dead\n\n"));
}
}
}
CloseHandle(handle);
}
一些附加信息:我写这个的原因是控制什么在其他桌面上。我想要这样,当用户启动不同的桌面(通过任何专有程序),我可以控制是否他们有权访问给系统最大的安全漏洞的项目。由于我只想控制其他桌面上的操作,我不想更改设置,以免损坏目标桌面以外的数据。是不是担心腐败?
Some additional information: The reason I'm writing this is to control what goes on in other desktops. I want to make it so that when a user launches a different desktop (via whatever proprietary program) I can control whether or not they have access to items which present the biggest security holes to the system. Given that I only want to control actions does on the other desktop, I do not want to change settings for fear of corrupting data outside of the target desktop. Is corruption not something to worry about?
我只想控制一个专有桌面,而不是用户在自己的空间做什么。
I'm only interested in controlling a proprietary desktop, not mucking with what users do in their own space. Essentially the separate desktop is for corporate work, and I want to be able to limit what people can do with company information, etc.
推荐答案
如果您是管理员,而用户不是,策略工作;如果用户也是一个管理员,他们将能够很容易地打败你的程序。
If you're admin and the "user" is not, policy (or simple ACL) will do the job; if the "user" is also an admin, they'll be able to defeat your program fairly easily.
这篇关于有没有办法识别Windows命令提示符,无论文件名或位置?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!