Thursday, 28 January 2016

how to hack a cyber cafe

Command Line Process Viewer/Killer/Suspender
for Windows NT/2000/XP



Want a small command line utility to view, kill, suspend or set the priority and affinity of processes, perhaps from a batch file? . . Has a virus disabled your Task Manager? . . or perhaps your Administrator has?
The Command Line Process Utility will function even when the task manager is disabled and/or the dreaded "Task Manager has been disabled by your Administrator" dialog box appears.
Works on remote machines with the Microsoft Telnet Server (tlntsvr) found on Windows 2000 and XP or with BeyondExec for Windows NT4/2000/XP.
View processes, owners, and CPU time . .
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org

       ImageName   PID Threads Priority CPU%
[System Process]     0       1        0 100 Error 0x6 : The handle is invalid.
          System     8      43        8   0 Error 0x5 : Access is denied.
        SMSS.EXE   180       6       11   0 NT AUTHORITY\SYSTEM
       CSRSS.EXE   204      11       13   0 NT AUTHORITY\SYSTEM
    WINLOGON.EXE   224      16       13   0 NT AUTHORITY\SYSTEM
    SERVICES.EXE   252      33        9   0 NT AUTHORITY\SYSTEM
       LSASS.EXE   264      16        9   0 NT AUTHORITY\SYSTEM
     svchost.exe   436      10        8   0 NT AUTHORITY\SYSTEM
     spoolsv.exe   468      15        8   0 NT AUTHORITY\SYSTEM
    CrypServ.exe   496       3       13   0 NT AUTHORITY\SYSTEM
     svchost.exe   512      28        8   0 NT AUTHORITY\SYSTEM
     hidserv.exe   532       4        8   0 NT AUTHORITY\SYSTEM
  jtagserver.exe   560       3        8   0 NT AUTHORITY\SYSTEM
         mdm.exe   584       6        8   0 NT AUTHORITY\SYSTEM
     nvsvc32.exe   628       2        8   0 NT AUTHORITY\SYSTEM
      regsvc.exe   664       2        8   0 NT AUTHORITY\SYSTEM
      mstask.exe   704       6        8   0 NT AUTHORITY\SYSTEM
      stisvc.exe   728       4        8   0 NT AUTHORITY\SYSTEM
     WinMgmt.exe   804       3        8   0 NT AUTHORITY\SYSTEM
    mspmspsv.exe   876       2        8   0 NT AUTHORITY\SYSTEM
     svchost.exe   896       5        8   0 NT AUTHORITY\SYSTEM
    explorer.exe   616      15        8   0 NEPTUNE\Administrator
       mixer.exe  1092       3        8   0 NEPTUNE\Administrator
    PRISMSTA.exe  1048       1        8   0 NEPTUNE\Administrator
    rundll32.exe   952       2        8   0 NEPTUNE\Administrator
    DIRECTCD.EXE   960       3        8   0 NEPTUNE\Administrator
    internat.exe  1180       1        8   0 NEPTUNE\Administrator
         OSA.EXE  1192       2        8   0 NEPTUNE\Administrator
         Icq.exe  1200      11        8   0 NEPTUNE\Administrator
      devenv.exe  1324       4        8   0 NEPTUNE\Administrator
    IEXPLORE.EXE  1140       7        8   0 NEPTUNE\Administrator
         CMD.EXE  1340       1        8   0 NEPTUNE\Administrator
     Process.exe  1132       1        8   0 NEPTUNE\Administrator
Additional switches can be used to display User and Kernel Times (-t) or the Creation Time of processes (-c).
Kill Processes . . .
Processes can be killed immediately (terminated without saving files or cleaning up) by specifying either the name or the PID (Process IDentifier). In cases where there are multiple processes running with the same name and your desire is to kill a specific process you will need to use the PID.
C:\>process -k 748

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'winword.exe'
If an image name such as iexplore.exe is specified, the utility will kill all processes by that name.
C:\>process -k iexplore.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 996 'iexplore.exe'
Killing PID 1832 'iexplore.exe'
Killing PID 1852 'iexplore.exe'
Killing PID 1692 'iexplore.exe'
Close Processes . . .
On the other hand if you want to gracefully close programs by sending them a WM_CLOSE message first, you can used the -q option. This allows processes to clean up, save files, flush buffers etc. However it can cause deadlocks. e.g trying to close Microsoft Word when a unsaved, but edited document is open will generate a dialog box "Do you want to save changes to document 1?". This will prevent winword.exe from exiting until a user responds to the prompt.
C:\>process -q wordpad.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Sending PID 1836 'wordpad.exe' WM_CLOSE Message. Timeout is 60 seconds.
wordpad.exe (PID 1836) has been closed successfully.
When this option is used a WM_CLOSE message is immediately sent to the process. It then waits up to a default of 60 seconds for the program to clean up and gracefully close before it is killed. The different timeout can be specified as an option after the PID/Image Name.
Suspend & Resume Processes . . .
Processes can be suspended if you need some extra CPU cycles without having to kill the process outright. Once the requirement for the extra CPU cycles has passed you may resume the process and carry on from where you left off. The process is suspended by sleeping all the processes' active threads.
C:\>process -s winword.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 748 'winword.exe'
Threads [1084][308]
Suspending a process causes the threads to stop executing user-mode (application) code. It also increments a suspend count for each thread. Therefore if a process is suspended twice, two resume operations will be required to resume the process (Decrement the suspend count to zero).
Change the priority of processes . . .
When viewing the list of processes, the 4th column shows the base priority of a process. This is a numeric value from zero (lowest priority) to 31 (highest priority). You may set the base priority of a process by specifying one of the priority classes below.
Low
4
BelowNormal
6
Normal
8
AboveNormal
10
High
13
Realtime
24
Please note Windows NT4 does not support the Above Normal and Below Normal priority classes. Specifying these two parameters on a Windows NT4 machine will result in a " The Parameter is incorrect " error.
C:\>process -p winword.exe high

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Setting PriorityClass on PID 748 'winword.exe' to 128

Change the affinity of processes . . .
The affinity is a mask which indicates on which processors (CPUs) a process can run. This is only useful on multiprocessor systems. When the -a option is used in conjunction with a process name or PID, the utility will show the System Affinity Mask and the Process Affinity Mask. The System Affinity Mask shows how many configured processors are currently available in a system. The Process Affinity Mask indicates on what processor(s) the specified process can run on.
C:\>process -a wordpad.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Getting Affinity Mask for PID 1084 'wordpad.exe'
System  : 0x0001 0b00000000000000000000000000000011  [2 Installed Processor(s)]
Process : 0x0001 0b00000000000000000000000000000011
To set the affinity mask, simply append the binary mask after the PID/Image Name. Any leading zeros are ignored, so there is no requirement to enter the full 32 bit mask.
C:\>process -a wordpad.exe 01

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Setting Affinity Mask for PID 1084 'wordpad.exe'
Affinity Mask Successfully Set to 00000000000000000000000000000001


Download
  • Version 2.03, 25K bytes. (Freeware)
    Now supports Windows NT4 Workstation and Server, plus continued support for Windows 2000/XP in a single executable.
    • Revision History
      • 5th June 2003 - Version 2.03
        • Added -c switch which displays the creation times of processes.
      • 29th May 2003 - Version 2.02
        • Corrected Inaccurate CPU % Times.
        • Added -t switch which displays both User Mode and Kernel Mode CPU times.
      • 15th May 2003 - Version 2.01
        • Fixed memory allocation errors for systems with greater than 100 processes. Application will handle a maximum of 65535 processes.
        • Fixed bug in -q, -k when used with PID. Specifying a PID would kill all processes with the same name than the specified process.
        • Fixed bug with the -a switch when used with PID.
      • 26th April 2003 - Version 2.00pre1 (Pre-Release Beta)
        • Caved in to overwhelming demand for support for Windows NT4. Rewrote code to detect operating system and use appropriate API calls plus a couple of undocumented calls to provide all the functionality of previous versions yet across all three NT platforms.
        • Added preliminary support for the setting and display of Affinity Masks for multi processor systems.
        • Added support for killing multiple processes by name. e.g using -k iexplorer.exe will kill all running instances of Internet Explorer, something previously accomplished by a batch file.
        • Added the ability to specify the timeout for the -q option.
        • Improved OpenProcess access so CPU time can now be sought from processes we don't have adequate rights too.
      • 15th April 2003 - Version 1.03
        • Modified string to number conversion to correct problem with strings contain leading numbers. eg process -s 3dsmax.exe would try to suspend the process with PID 3 and not 3dsmax.exe.
        • Added -q Send WM_CLOSE message option. This will gracefully issue a WM_CLOSE message to the program and wait for it to close.
      • 21st December 2002 - Version 1.01
        • Corrected problems with exit codes
          • 0 = Success (Process found and desired action performed)
          •  
          • 1 = Miscellaneous Error.
          • 2 = Cannot find Process (No processes left my this name)
      • 22nd September 2002 - Version 1.00
        • First release to public.

    Other Unique and Innovative Software Solutions from Beyond Logic
    • Trust-No-Exe - An executable filter for Windows NT/2000/XP
      Allow users to run trusted applications from defined directories, while preventing the execution of non-trusted programs from floppy disk and CDROM drives or from the users e-mail attachment directory. Stop PE viruses in their tracks where on Windows platforms year, nine out of ten of the top viruses were spread via e-mail.

    • BeyondExec - Spawn Processes and/or Shutdown Remote Windows NT/2000/XP WorkStations.
      Have you ever wanted to run a process such as an application installer, service pack, virus signature update etc or shutdown a single or group of remote computers without having the burden of installing any remote client on your target computers?

    • Bmail - Command Line SMTP Mailer for Batch Jobs
      Bmail is a free but lean command line SMTP mail sender. Bmail allows the user to automate the sending of email messages containing log files, data downloads or error messages on Win32 based computers.

    • Delete/Copy by Owner utility for Windows NT/2000/XP
      Have you ever had the need to find, copy or delete files that were owned by a certain user? A great way to back up files created by previous employees or to clean workstations when one leaves.

    • PortTalk - A Windows NT/2000/XP I/O Port Device Driver
      A problem that plagues Windows NT/2000/XP, is it's strict control over I/O ports. Unlike Windows 95, 98 or ME, Windows NT/2000/XP will cause an exception (Privileged Instruction) if an attempt is made to access an I/O port that your program is not privileged to access. The PortTalk driver allows existing programs to access selected I/O ports.

    No comments:

    Post a Comment