Hi guys what's up!!!

I have a question that needs to be answered :)...

How to make a program that boots before any services start????????

Let me explain my question: if I want to program an anti-virus, for example, and this anti-virus tries to delete an active virus, first the virus must be located and then it must be stopped from running as a process. In this case the computer must restart so that no processes are active when the system is booting, and then we can easily delete it from the hard disk..... When I mention "the computer must restart when the system is booting", that means I must make my anti-virus run before any processes or services get started, so I can delete that virus from the hard disk....

Of course, you wonder "why wait for the system to boot, why don't you just stop this virus from the process list?" It's a good question, but some viruses have the ability to hide in the system and in memory, so you can't delete them......

I hope you have an answer to my question....... :)

thanks
Posted
Updated 15-Mar-12 4:03am

As far as I know, this file deletion is typically done using a Windows feature.
One simply marks a file for deletion at reboot by calling MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT as the third param.

This places keys in the registry which are processed the next time the machine boots.

See here for more info:
http://stackoverflow.com/questions/7777874/how-to-cancel-deferred-movefileex-operation


However, this still doesn't solve the problem of locating and identifying files in an already compromised system, since, as you mention, some viruses are able to hide themselves from both directory listings and process-list listings.
Comments
[no name] 15-Mar-12 11:15am    
Yes, this solution will make my program delete the virus, but how can I locate that virus? In this way, when I make my program start at system boot, it will check my hard drive for viruses and delete them before the virus can run......
Assuming you are asking about Windows, I don't believe you can: the system must completely boot before applications can be started, and a complete boot requires that services be up and running. As I remember, the launch process is

1. Load the BIOS kernel
2. Perform hardware checks
3. Launch the hardware drivers
4. Launch the core services
5. Launch the all-users at-startup services
6. Wait until the user logs in
7. Launch the user's at-startup services
8. Launch the user's at-startup applications
9. Launch the delayed-startup services

Added: I believe most anti-virus software operates as an all-users at-startup service with a very high priority, meaning that it is one of the very first pieces outside the core system to be activated. The likelihood that a virus would start before then is pretty small: a lot of the security work Microsoft has been doing to Windows in the last few years has involved checks to make sure that drivers, core services and other system infrastructure have not been tampered with. If one of the infrastructure components did get infected, it is probably too late to eliminate the virus itself; you would need to wipe the hard drive and reinstall the operating system from an uninfected source.

Of course it would be possible to have a driver that was tampered with (a trojan rather than an actual virus); there is not much that can be done about that other than being very careful about where you get your drivers.
Comments
[no name] 15-Mar-12 11:13am    
No my friend, I am not asking about Windows. My question is how to run my program before any processes run? I mean, when my anti-virus locates that virus and schedules the virus paths, at the next startup the anti-virus will delete these viruses (as scheduled) from the hard drives before any programs get started.... you know what I mean????!
enhzflep 15-Mar-12 11:45am    
I disagree!
In orig post, you wrote "How to Make a program that boots before any services start????????"

Based on the fact you had VB.NET as one of the tags for the question, I took a punt & assumed you were using windows. Though, that was an assumption.

Gregory.Gadow also furnished you with an answer. A far more complete (and relevant) solution than mine, I might add.

Clearly, Greg's post provides a quick overview, followed by a step-by-step rundown of system boot, followed by telling you by what means anti-virus software is able to load so early in the boot process.

Short of providing you compilable code, Greg's post couldn't have been better directed at answering the question as posed.
Now, if what you wish to know is other than what you've asked - then that's a different question altogether.


Now then, nick-off and do some research on (1) how to write a service (2) how to install (it) so that it runs very early in the boot process (3) how to ensure that it runs for all users.
Dave Kreskowiak 15-Mar-12 13:45pm    
You can't do it in VB.NET. "Before any processes start" also includes stuff like the Windows Kernel, drivers, kernel-level processes, which you cannot preempt with managed code because the .NET Framework runs ON TOP OF the kernel level stuff. If the .NET Framework cannot run yet, your code cannot run yet either.

Simply, you cannot do what you want to do using .NET code.
[no name] 15-Mar-12 15:14pm    
You are right about that, so I must program it in C++ or assembly.....

Do you agree with that???
Gregory Gadow 15-Mar-12 15:21pm    
Your choice of framework will not make any difference. Even if you could interrupt the OS bootup -- and most operating systems will not let you do that -- the system will not be in any state capable of executing your code, because it has not finished booting.
I don't think you can. I think this is the wrong approach, especially if you are dealing with a virus. And if you are dealing with a virus, especially with a rootkit, you should not load the OS anymore. Instead, either boot with another disk, presumably a CD/DVD with special system-saving tools on it, or remove the hard drive and connect it to another, healthy system (make sure you don't have even a tiny chance to boot your drive, otherwise you can infect one more system!) and deal with your disk without booting the OS on it.

It's very good to always have a stand-alone docking system connected to a PC via USB 2 or USB 3 and/or eSATA, where you can plug in your drives. Such systems are inexpensive, good for many other jobs (like backups and transferring or restoring data in other cases) and can really save you from a real disaster.

If you use the second way, I would advise not to cure the virus. Instead, just save your data and then reinstall the OS.

—SA
Comments
Espen Harlinn 15-Mar-12 19:05pm    
5'ed!
Sergey Alexandrovich Kryukov 15-Mar-12 19:23pm    
Thank you, Espen.
--SA
Hi,

Yes, you can absolutely do this. You would need to build a "Native Application" and add the application to the HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute registry key. These native applications are executed by the session manager right before the system services start.

Best Wishes,
-David Delaune
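An added defender's check (my code, not from any answer on this page) for the two registry values that enhzflep's and David's answers rely on: MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT writes its source/target pairs into the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, and BootExecute in the same key lists the native applications the session manager runs before services start. The decoder keeps the empty-string "delete" targets that a naive MULTI_SZ split loses; all paths and blobs below are constructed for an offline run.

```python
# Added example, not code from the answers above: decode the two REG_MULTI_SZ
# values they rely on (PendingFileRenameOperations, written by MoveFileEx with
# MOVEFILE_DELAY_UNTIL_REBOOT, and Session Manager\BootExecute) and classify them.

DEFAULT_BOOTEXECUTE = ("autocheck autochk *",)   # stock value on a clean install
NT_PREFIX = "\\??\\"                             # NT object-manager path prefix

def decode_multi_sz(raw: bytes) -> list[str]:
    """Decode raw REG_MULTI_SZ bytes: UTF-16LE, each string NUL-terminated,
    list closed by one extra NUL. Empty strings in the middle are kept because
    PendingFileRenameOperations uses an empty target to mean 'delete'."""
    parts = raw.decode("utf-16-le").split("\x00")
    parts.pop()                      # text after the final NUL, always ''
    if parts and parts[-1] == "":    # the list terminator itself
        parts.pop()
    return parts

def encode_multi_sz(strings: list[str]) -> bytes:
    """Inverse of decode_multi_sz; used only to build the constructed samples."""
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")

def parse_pending_renames(entries: list[str]) -> list[tuple[str, str, str]]:
    """Pair entries as (action, source, target): empty target = delete,
    target starting with '!' = replace an existing file. An unpaired trailing
    source (malformed value) is dropped by zip()."""
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        src = src.removeprefix(NT_PREFIX)
        if dst == "":
            ops.append(("delete", src, ""))
        elif dst.startswith("!"):
            ops.append(("replace", src, dst[1:].removeprefix(NT_PREFIX)))
        else:
            ops.append(("move", src, dst.removeprefix(NT_PREFIX)))
    return ops

def unexpected_bootexecute(entries: list[str]) -> list[str]:
    """BootExecute entries beyond the stock autochk line: each one is a native
    app that runs before any service, so each deserves a look."""
    return [e for e in entries if e not in DEFAULT_BOOTEXECUTE]

# Constructed samples with hypothetical paths; the last pair is a delete, which
# exercises the empty-string edge case in decode_multi_sz.
PENDING_SAMPLE = encode_multi_sz([
    NT_PREFIX + r"C:\Windows\Temp\patched.dll", "!" + NT_PREFIX + r"C:\Windows\System32\target.dll",
    NT_PREFIX + r"C:\Users\Public\quarantined.bin", "",
])
BOOTEXECUTE_SAMPLE = encode_multi_sz(["autocheck autochk *", "cleanup_native.exe"])
```

On a live host, winreg.QueryValueEx already returns a REG_MULTI_SZ as a list of strings, so only parse_pending_renames and unexpected_bootexecute are needed there.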
Comments
[no name] 16-Mar-12 3:56am    
Yes, thank you very much.... :)
This is absolutely the answer........ Thank you to all of you.
You would essentially have to write what amounts to a rootkit.
Comments
[no name] 16-Mar-12 3:55am    
Can you explain more?!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)