I made my process a system critical process, so if you kill the process it blue screens and then you have to restart. It's a parental blocker I'm making. Anyways, the problem is that when you try to shut down it also blue screens. And I have no idea how to not make it critical. If you want to see the source of the API/module that I am using then I will post it.
And YES, I did not make that module; I got it from XcryptOR. So credits to him for making it.

Someone must know how. It is for a legit purpose, so I mean come on...

VB6 code cannot run in kernel mode and therefore cannot be directly responsible for a BSOD.
However, a GOOGLE search brought up some INTERESTING results that claimed to run a program as a "system critical" process.
Every single one of them is wrong.
Not a single one of them actually makes the process "system-critical".
What is actually being done is that the process is being modified via NtSetInformationProcess() so that it has two extra flags that indicate:
1. The program is running under a debugger.
2. The program should break into the debugger upon termination.
So, when your program is TERMINATED, Windows attempts to call an active debugger on the process, under the false impression that the program is being run under a debugger (due to the changed flag). However, it is NOT and therefore the appropriate Debug information that would be set when a debugger attaches to the process (which is the only legitimate reason for the "running under a debugger" flag to be set, ever). Additionally, since this debugging code is in kernel mode and encounters a FATAL error based on some amateur fooling around with process attributes that they really should understand before they fudge with them, it crashes.
Nothing particularly special about it at all; the only thing that has been done to make the process "system critical" is to make it so that the process information is wrong and causes a BSOD when the program terminates, under any condition.
If you want your program to terminate properly, unset the erroneous process information before your program terminates "on purpose".
How?
Well, perhaps you should investigate the code you're using to set the erroneous (note how I am constantly saying this? I'm trying to drive home the fact that what you are doing is literally corrupting the internal data structures so they have inconsistent data (saying it is running under a debugger with no debugger attached)) process flags.

That's actually quite interesting. Anyways, I finally found an API (like 10 min ago) that let me change it back to normal, and so now they can at least shut down Windows without getting a BSOD. Is there actually a risk of doing it like that? I mean, I'm sure it's not going to blow up their PC, but is there a chance that it may format their PC or something of that magnitude?

Quote from: hey101 on February 18, 2010, 01:31:29 PM
That's actually quite interesting. Anyways, I finally found an API (like 10 min ago) that let me change it back to normal, and so now they can at least shut down Windows without getting a BSOD. Is there actually a risk of doing it like that? I mean, I'm sure it's not going to blow up their PC, but is there a chance that it may format their PC or something of that magnitude?

No. But since you're literally corrupting data, you're bound to run into problems at some point.
The way I see it, it's kind of silly to make your process "critical"; terminating the process is only one way to circumvent the blocker. It's just as easy to simply remove the method the program starts with the system and reboot.
In either case, something like a parental blocker should probably be written as a Windows Service. Also, recall that Windows Vista and 7 have built-in parental controls.

True, which is why I'm working on methods to prevent the removal of the startup entry. Also, believe me when I say that Vista or Windows 7 built-in parental stuff can't even come close to what I'm doing, since mine is done remotely. It's more or less of a parental control than a blocker, but yeah...
If I were to make it a service, couldn't a user simply stop or terminate the service or set the startup to manual?
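
For anyone auditing a machine for the behaviour discussed in this thread, the following is an added example, not code from any poster or from the XcryptOR module. It only reads process state and lists processes whose termination flag is set. It assumes the module toggles the information class ProcessBreakOnTermination (value 29) through the NtSetInformationProcess() call named above; the thread never shows the module's source, so that mapping is an assumption.

```powershell
# Added example (not from the thread): report processes that have the
# break-on-termination flag set. Read-only; no process is modified.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class BreakOnTermination {
    // Assumption: class 29 (ProcessBreakOnTermination) is the flag the
    // module in the thread changes; the page does not show its source.
    const int ProcessBreakOnTermination = 29;

    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(
        IntPtr process, int infoClass, ref uint info, uint length, out uint returned);

    // Returns true/false for the flag, or null when the query fails.
    public static bool? IsSet(IntPtr process) {
        uint flag = 0, returned;
        int status = NtQueryInformationProcess(
            process, ProcessBreakOnTermination, ref flag, sizeof(uint), out returned);
        if (status != 0) return null;   // non-zero NTSTATUS: treat as unknown
        return flag != 0;
    }
}
'@

$report = foreach ($p in Get-Process) {
    $handle = $null
    try { $handle = $p.Handle } catch { }   # access denied for protected processes
    if ($null -eq $handle) { continue }

    # $null (query failed) and $false (flag clear) are both skipped here.
    if ([BreakOnTermination]::IsSet($handle)) {
        [pscustomobject]@{
            Id        = $p.Id
            Name      = $p.ProcessName
            SessionId = $p.SessionId
        }
    }
}

$report | Sort-Object Name | Format-Table -AutoSize
```

Run it from an elevated prompt to cover processes owned by other accounts; processes that cannot be opened are skipped rather than reported. Windows' own core processes can legitimately carry this flag, so the entries worth a closer look are ordinary user-mode applications.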