-1

I'm trying to make security software in C# which monitors all the words on other processes and acts when a specific word is found. Example: my application would show a message box saying "Beware the viruses!" when any other running process contains the word "torrent". I hope someone got my idea.

Update:
Oh, and for who realize it yet, it's still a crude idea. That's why I gave a very simple example (which I know would be useless on a real program).

Update 2: The why
I know software called Block Free 4. It blocks programs which contain the blacklisted words. It's lightweight software and works well. But I'd like to improve these features and make a better program.

tkpb
  • a `process` is just a bunch of executable computer code, and some execution context. I have no idea what you mean by *"other process contains the word 'torrent'"*, and you have not asked a question here. Close voting. – Federico Berasategui Mar 10 '14 at 02:48
  • It sounds like YOUR program is the one to fear. – Steve Wellens Mar 10 '14 at 02:55
  • @SteveWellens You got all those reputation points making useless comments and being gooey like that? Or you just got tired of helping others when you reached high reputation points? – tkpb Mar 17 '14 at 02:39

3 Answers

0

This does not sound like a good idea, except maybe as a joke program. It would be absurdly slow, and would become classified as malicious, as well as useless. However, there is at least some educational value in this.

It should be possible as long as you are running as admin. Note that even admin cannot perform this action on certain System processes.

First, you will need to acquire SeDebugPrivilege. See this example.

Then, you need to enumerate all processes. See this example: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682623(v=vs.85).aspx

Then, use OpenProcess on every PID, using PROCESS_ALL_ACCESS. If you get ERROR_ACCESS_DENIED, you probably didn't acquire SeDebugPrivilege correctly.

Use ReadProcessMemory to read the process's memory and store it in a buffer. Some processes will have a massive amount of memory and you will probably need to break it into chunks. You will also need to be robust in your error handling.

Then, scan the buffer for your desired string, and do something if you find it.

You would probably repeat all of the above every 10 seconds or so.

Note: From C#, you will need to P/Invoke these APIs. C# is not the best language for this type of nonsense, but it's possible... I recommend native code, however.

VoidStar
  • Yeah, I thought about slowness, but I wanted to hear the ideas. What if we get the words only of the focused window? – tkpb Mar 10 '14 at 17:59
  • That would be better, but still expensive. – VoidStar Mar 11 '14 at 19:06
  • So let's limit it to the words in the window title and web browser addresses. Now I think it would be a lightweight app. – tkpb Mar 12 '14 at 02:29
  • Well, your answer was the right one, though my question was the wrong thing. – tkpb Mar 17 '14 at 02:34
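
The enumerate, open, read-in-chunks and scan steps from the answer above, put together as an added example (not code from the answer or its linked samples). It assumes .NET 6 or later in a 64-bit process on Windows; `MemoryWordScan` and `Contains` are illustrative names, `VirtualQueryEx` is used to find readable regions although the answer does not mention it, only read rights are requested instead of PROCESS_ALL_ACCESS, and the SeDebugPrivilege step is left out, so processes that cannot be opened count as "no match".

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
static class MemoryWordScan {
    const uint PROCESS_QUERY_INFORMATION = 0x0400, PROCESS_VM_READ = 0x0010;
    const uint MEM_COMMIT = 0x1000, PAGE_NOACCESS = 0x01, PAGE_GUARD = 0x100;
    const int Chunk = 1 << 20; // bytes per ReadProcessMemory call
    [StructLayout(LayoutKind.Sequential)]
    struct MEMORY_BASIC_INFORMATION {
        public IntPtr BaseAddress, AllocationBase; public uint AllocationProtect;
        public IntPtr RegionSize; public uint State, Protect, Type;
    }
    [DllImport("kernel32.dll")] static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    [DllImport("kernel32.dll")] static extern IntPtr VirtualQueryEx(
        IntPtr h, IntPtr addr, out MEMORY_BASIC_INFORMATION mbi, IntPtr len);
    [DllImport("kernel32.dll")] static extern bool ReadProcessMemory(
        IntPtr h, IntPtr addr, [Out] byte[] buf, IntPtr size, out IntPtr read);

    // True if word (as UTF-8 or UTF-16LE bytes) occurs in committed, readable memory of pid.
    public static bool Contains(int pid, string word) {
        byte[][] needles = { Encoding.UTF8.GetBytes(word), Encoding.Unicode.GetBytes(word) };
        // Chunks overlap by the longest needle so a match cannot straddle a chunk boundary.
        int step = Chunk - Math.Max(needles[0].Length, needles[1].Length);
        if (word.Length == 0 || step <= 0) return false;
        IntPtr h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid);
        if (h == IntPtr.Zero) return false; // access denied, protected process, or already exited
        try {
            var buf = new byte[Chunk];
            var len = (IntPtr)Marshal.SizeOf<MEMORY_BASIC_INFORMATION>();
            long addr = 0;
            while (VirtualQueryEx(h, (IntPtr)addr, out var mbi, len) != IntPtr.Zero) {
                long start = (long)mbi.BaseAddress, size = (long)mbi.RegionSize;
                addr = start + size; // the next query begins where this region ends
                bool readable = mbi.State == MEM_COMMIT && (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) == 0;
                for (long off = 0; readable && off < size; off += step) {
                    var want = (IntPtr)Math.Min(Chunk, size - off);
                    if (!ReadProcessMemory(h, (IntPtr)(start + off), buf, want, out IntPtr got)) continue;
                    foreach (byte[] n in needles)
                        if (buf.AsSpan(0, (int)got).IndexOf((ReadOnlySpan<byte>)n) >= 0) return true;
                }
            }
            return false;
        } finally { CloseHandle(h); }
    }
    static void Main() { // constructed usage; skips this process, which holds the word itself
        foreach (Process p in Process.GetProcesses())
            if (p.Id != Environment.ProcessId && Contains(p.Id, "torrent"))
                Console.WriteLine($"\"torrent\" found in {p.ProcessName} (PID {p.Id})");
    }
}
```

Any process that has merely handled the word (a shell, an editor, a search index) matches too, which is the false-positive problem the comments above go on to discuss.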
0

Debuggers such as Windbg have in-memory string search functionality.

Related: https://stackoverflow.com/a/10602366/2855568

In addition to the existing answers, WinDBG is a GUI front end for the DbgEng API. You can use this API to write either WinDBG extensions or other standalone applications. The WinDBG SDK ships with samples of both; an example standalone application can be found in the \sdk\samples\dumpstk subdirectory of your WinDBG install.

For more information, I wrote an article about DbgEng to write extensions here:

http://www.osronline.com/custom.cfm?name=articlePrint.cfm&id=559

Most of that will also apply for how you write a standalone application as it mostly focuses on the programming pattern of the DbgEng interface.

DeveloperGuo
0

Well, VoidStar gave the correct answer for my initial question, and I think it's going to be useful to others in the future anyway. But that's not really useful for me, as I don't want all the problems that would involve. I figured out that I would have to stick to a simpler way to achieve that. By:

Getting the window title: How do I get the title of the current active window using c#?

Getting the URL from web browsers (helped, but didn't solve): Get URL from browser to C# application

These two actions look to be all you can do to make a good application with my objectives.

I hope I helped. And thanks to everyone that actually helped.

tkpb