Hi
Has anyone or is there a way of creating a program that will detect a USB device and then check for any .exe files and stop them from running or make the invisible?
Thanks
Hi
Has anyone or is there a way of creating a program that will detect a USB device and then check for any .exe files and stop them from running or make the invisible?
Thanks
There are probably commercial products that do this.
It is non-trivial to do, because you will need to basicly interface into the file-system stack, and in that "know" if a drive is a USB drive or not - and at the filesystem level, you don't implicitly know what the media where the data comes from. There may be a "run-filter-hook" that you could use, but you still need to understand what the drive is.
Is this an attempt to prevent people from installing/running "unapproved" software on some group of machines? If so, and it's important that it always works, you probably want to use a commercial product.
If you are just doing this as a toy, have a go at it. But you haven't exactly shown me that you are capable of writing kernel mode driver filters.
Also consider that you can always put an executable in a .zip file and load the zip file and then execute from a temporary directory, so unless you use a commercial product, that's probably the "easy way around it".
--
Mats
Compilers can produce warnings - make the compiler programmers happy: Use them!
Please don't PM me for help - and no, I don't do help over instant messengers.
yeah it was to stop people from doing so on computer - if you think it would be better to get a commercial one then ill do that - is kernel Linux programming?
By kernel I mean the OS kernel - there is one in Linux, Windows and all other "large" operating systems. Although I suppose I use the term loosely, in this case, to means "kernel mode" programming, which is where you are on the "kernel side" rather than user-mode side. User-mode is where applications run, kernel-mode is where most drivers run, along with the kernel itself, and probably also a few "kernel services" or "kernel processes", which would be tasks that run on behalf of the kernel [such as the swapper process that takes care of loading/unloading pages when you use virtual memory].
--
Mats
Compilers can produce warnings - make the compiler programmers happy: Use them!
Please don't PM me for help - and no, I don't do help over instant messengers.
ah right i see thanks for the advice and info
For those interested:
http://www.osr.com/toolkits_fddk.shtml
gg
Yes, the nice people at OSR do good stuff.
--
Mats
Compilers can produce warnings - make the compiler programmers happy: Use them!
Please don't PM me for help - and no, I don't do help over instant messengers.
