Apr 7

Protecting your Executables

A common problem you may run into when engaging in office warfare is that it is quite easy for someone to just end task on an executable. Once your program is killed, it can no longer defend you or attack your friends. So how do we handle this problem? There is a fairly simple way to go about it, and fortunately for you I am about to share it.

Here is the general idea: you create another program to go along with the application you are sending. This program's sole purpose is to watch the list of processes and, if your main program gets killed, restart it. Then you add a little code to your main program that does the same thing for the watcher program. If either program is killed, the other reruns it before the evil killer of cute little programs has a chance to kill the other one.

Let's look at some code. First, though: this code requires a reference to System.Management.

''Code for primary process
''(at the top of the source file)
Imports System.Management

Dim WithEvents watcher As System.Management.ManagementEventWatcher

''True if a process named WatcherProcess is already running
Private Function watcherProcessAlreadyRunning() As Boolean
    Dim proc() As Process = Process.GetProcessesByName("WatcherProcess")
    Return proc.Length > 0
End Function

''Raised for every process that ends; only the watcher process is acted on
Private Sub watcher_EventArrived(ByVal sender As Object, ByVal e As System.Management.EventArrivedEventArgs) Handles watcher.EventArrived

    Dim proc As ManagementBaseObject = CType(e.NewEvent("TargetInstance"), ManagementBaseObject)

    Dim name As String = CStr(proc("Name"))
    If (name = "WatcherProcess.exe") Then
        ''Alert in some way that the watcher process was killed and restart it
        startWatcher()
    End If
End Sub

Private Sub startWatcher()
    Dim procStart As New System.Diagnostics.Process()
    procStart.StartInfo.FileName = "WatcherProcess.exe"
    procStart.Start()
End Sub

Protected Overrides Sub Finalize()
    If (Not IsNothing(watcher)) Then
        watcher.Stop()
    End If
    MyBase.Finalize()
End Sub

Private Sub frmMain_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

    ''Only launch the watcher if one is not already running
    If (Not watcherProcessAlreadyRunning()) Then
        startWatcher()
    End If

    ''Subscribe to process-deletion events, polled once per second
    watcher = New ManagementEventWatcher("\\.\root\cimv2", "SELECT * FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'") ' AND Name = 'WatcherProcess'")
    watcher.Start()

End Sub

So that is the primary process's additional code. Basically, we start a ManagementEventWatcher that raises an event whenever a process ends; we catch that event and, if the process that ended was WatcherProcess.exe, relaunch it.

Let's look at the watcher process. A lot of the code is the same with just a few strings changed.

''Code for watcher process (also needs Imports System.Management at the top of the source file)
Dim WithEvents watcher As System.Management.ManagementEventWatcher

Private Sub frmMain_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    ''Subscribe to process-deletion events, polled once per second
    watcher = New ManagementEventWatcher("\\.\root\cimv2", "SELECT * FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'") ' AND Name = 'MainProcess'")
    watcher.Start()
End Sub

''Raised for every process that ends; only the main process is acted on
Private Sub watcher_EventArrived(ByVal sender As Object, ByVal e As System.Management.EventArrivedEventArgs) Handles watcher.EventArrived

    Dim proc As ManagementBaseObject = CType(e.NewEvent("TargetInstance"), ManagementBaseObject)

    Dim name As String = CStr(proc("Name"))
    ''Compare against the same executable name that is relaunched below
    If (name = "MainProcess.exe") Then
        Dim procStart As New System.Diagnostics.Process()
        procStart.StartInfo.FileName = "MainProcess.exe"
        procStart.Start()
    End If
End Sub

Protected Overrides Sub Finalize()
    If (Not IsNothing(watcher)) Then
        watcher.Stop()
    End If
    MyBase.Finalize()
End Sub

''Keep the watcher's form hidden
Private Sub frmMain_Shown(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Shown
    Me.Visible = False
End Sub

The same applies here: we start a ManagementEventWatcher that keeps an eye out for processes ending, and when MainProcess.exe is detected dying the watcher launches a new one. The main process also has a check so that if the watcher process is already running it doesn't start another. This prevents a pile-up of extra WatcherProcesses, which would in turn create a lot of extra MainProcesses.

That is all for today. Tomorrow we talk about preventing your executable from being renamed, so that no one can rename the executable and then kill the process. This is a problem because if they do, your watcher will be unable to relaunch the main app, and vice versa.
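Seen from the defending side, the pair described above leaves a recognisable trace in process start/exit logging (for example Sysmon event IDs 1 and 5): each image reappears within seconds of exiting, with the other image as its parent. The following is an added example, not code from the original post, that flags such pairs. The event tuple layout, the 3-second window and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records, not taken from the post:
# (time in seconds, "start" or "exit", image name, parent image or None)
EVENTS = [
    (10.0, "exit", "MainProcess.exe", None),
    (10.8, "start", "MainProcess.exe", "WatcherProcess.exe"),
    (42.0, "exit", "WatcherProcess.exe", None),
    (42.6, "start", "WatcherProcess.exe", "MainProcess.exe"),
    (60.0, "exit", "notepad.exe", None),
    (95.0, "start", "notepad.exe", "explorer.exe"),
]


def find_respawns(events, window=3.0):
    """Count (image, parent) pairs where image was started again by
    parent within `window` seconds of its last exit."""
    last_exit = {}
    respawns = defaultdict(int)
    for t, kind, image, parent in sorted(events, key=lambda e: e[0]):
        key = image.lower()  # Windows image names are case-insensitive
        if kind == "exit":
            last_exit[key] = t
        elif kind == "start" and key in last_exit:
            gap = t - last_exit.pop(key)
            if parent and gap <= window:
                respawns[(key, parent.lower())] += 1
    return dict(respawns)


def find_mutual_watchdogs(events, window=3.0):
    """Return sorted image pairs in which each one restarted the other."""
    respawns = find_respawns(events, window)
    pairs = set()
    for child, parent in respawns:
        if child != parent and (parent, child) in respawns:
            pairs.add(tuple(sorted((child, parent))))
    return sorted(pairs)


if __name__ == "__main__":
    for a, b in find_mutual_watchdogs(EVENTS):
        print(f"mutual respawn pair: {a} <-> {b}")
```

A single respawn direction is common for legitimate supervisors, so only the two-way pattern is reported.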
