Komodia's Usermode Watchdog

From Komodia


psd denotes the password, which is client specific.

  • Install the service (on XP the user must be an administrator; on Vista and above the user must be an administrator with UAC privileges):
ProtectorServiceExe.exe install psd
  • Start the service (the service is set to start automatically, but requires a first-time start):
sc start ProtectorServiceExe
  • Load the files (it's important to make sure CurrentDirectory is the one where the service is deployed):
ProtectorServiceExe.exe load psd 1.txt 2.txt 3.txt 4.txt
    • 1.txt - Registry to protect file
    • 2.txt - Processes to start file
    • 3.txt - Processes to terminate file
    • 4.txt - Files to protect file

  • Start the protection:
ProtectorServiceExe.exe start psd

File format

Registry file

"type","registry key"

Type can be either "v" for value or "k" for key. Key protection protects the key and all of its subkeys and subvalues.



Processes to start file


Type can be either "p" for process or "s" for service.



Processes to terminate file


Type can be either "p" for process or "s" for service.



Files to protect file

"source file","shadow file"

The service will replicate the source file into the shadow and protect both.
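
A pre-load check for the registry and files lists, given here as an added example; it is not part of the Komodia SDK or of the original page. It assumes one entry per line in exactly the quoted form shown above, and that a value entry is written as its key path followed by the value name; the sample paths are constructed.

```python
import re

# One entry per line: two double-quoted fields separated by a comma.
# Assumption: no embedded quotes and no spaces around the comma.
ENTRY = re.compile(r'^"([^"]+)","([^"]+)"$')

def parse(text):
    """Return (entries, problems); each entry is (line_no, field1, field2)."""
    entries, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if m:
            entries.append((n, m.group(1), m.group(2)))
        elif line.strip():
            problems.append(f"line {n}: expected two non-empty quoted fields")
    return entries, problems

def check_registry(text):
    """Check type codes; flag entries already covered by a "k" entry (case-insensitive)."""
    entries, problems = parse(text)
    keys = [(n, p.rstrip("\\").lower()) for n, t, p in entries if t == "k"]
    for n, kind, path in entries:
        if kind not in ("v", "k"):
            problems.append(f'line {n}: type must be "v" or "k", got "{kind}"')
            continue
        norm = path.rstrip("\\").lower()
        for kn, key in keys:
            if kn != n and (norm == key or norm.startswith(key + "\\")):
                problems.append(f"line {n}: already covered by key on line {kn}")
    return problems

def check_files(text):
    """Flag shadows that equal their source or would overwrite another source."""
    entries, problems = parse(text)
    sources = {src.lower(): n for n, src, _ in entries}
    for n, src, shadow in entries:
        if shadow.lower() == src.lower():
            problems.append(f"line {n}: shadow is the same path as the source")
        elif shadow.lower() in sources:
            problems.append(f"line {n}: shadow is the source on line {sources[shadow.lower()]}")
    return problems

# Constructed sample input (paths are illustrative, not taken from the SDK).
REG_SAMPLE = r'''"k","HKLM\SOFTWARE\ExampleVendor"
"v","HKLM\SOFTWARE\ExampleVendor\Settings\Port"
"x","HKLM\SOFTWARE\Other"'''
FILES_SAMPLE = r'''"C:\App\core.dll","C:\Shadow\core.dll"
"C:\App\cfg.ini","C:\App\CFG.INI"
"C:\App\hook.dll","C:\App\core.dll"'''
```

An empty list from check_registry or check_files means the list passed these checks; it does not confirm that the service itself will accept the file.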



Getting the file from the SDK

You can get the base files from the SDK. They contain the entries needed to protect the SDK, and you can add your own entries to these files.

Via command line

Call the command line method:

PCProxy /Files

It will create three files in the directory where the proxy is located:

  • reg.txt - Registry file
  • file.txt - Files file
  • proc.txt - Processes file


Call the method from DataController:

GetUserWatchdogFiles(BSTR bRegistryFile, 
		     BSTR bFilesFile, 
		     BSTR bProcessFile,
		     long lAppend)

Uninstalling the protector

  • Stop the service:
ProtectorServiceExe.exe stop psd
  • Uninstall the service:
ProtectorServiceExe.exe uninstall psd