0

Is there a way to programmatically detect if there is a LogMeIn session on the current Windows PC / user?

I have tried it in several ways (in C#, but the language is irrelevant):

  • Using a CPU performance counter, assuming that LogMeInRC.exe's CPU usage was substantially higher while in session. This approach is able to detect some sessions, but the error rate is way too high.
  • By monitoring the Performance Counters IO Write Bytes/s or IO Data Bytes/s of LogMeIn. This works only initially. If the session is older than a minute, these Performance Counters don't record any activity, even though LogMeIn still has network traffic.

Any hints?

Jonas Sourlier
  • 13,684
  • 16
  • 77
  • 148
  • Why aren't you just checking the logged-in users? There are a lot of answers to this, eg http://stackoverflow.com/questions/22609200/how-to-get-list-of-all-logged-in-users-using – Panagiotis Kanavos May 27 '14 at 07:07
  • The same user is logged in, no matter if the user is sitting in front of the PC or on a LogMeIn session. – Jonas Sourlier May 27 '14 at 07:08
  • That's not correct. The user name may be the same, the session/profile will be different. The OS knows whether a session is local or remote and how it was established. It's the info you get by switching to Task Manager's Users tab. You can get the same info using WMI, P/Invoke or the System.Management classes – Panagiotis Kanavos May 27 '14 at 07:11
  • I just checked on Task Manager's Users tab: The same and only user is listed there, regardless of whether I'm in front of the PC or in a LogMeIn session. – Jonas Sourlier May 27 '14 at 07:31

1 Answers1

1

Solved it by intercepting ETW traces:

var logmeinProcess = System.Diagnostics.Process.GetProcessesByName("LogMeIn").Single();
using (var session = new TraceEventSession("MyRealTimeSession"))         // Create a session to listen for events
{
    session.EnableKernelProvider(Microsoft.Diagnostics.Tracing.Parsers.KernelTraceEventParser.Keywords.NetworkTCPIP);
    session.Source.Kernel.UdpIpSend += (data) =>
    {
        if (data.ProcessID == logmeinProcess.Id)
        {
            lock (_logMeInUdpQueue)
            {
                _logMeInUdpQueue.Enqueue(DateTime.UtcNow);
            }
        }
    };

    session.Source.Process();
}

This way I get the number of UDP Sends by the LogMeIn process, which is perfect for detecting LogMeIn sessions.

Jonas Sourlier
  • 13,684
  • 16
  • 77
  • 148
  • 1
    Instead, do session.EnableProvider(new Guid("{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}"); this GUID is identified as Microsoft-Windows-Logon and you can use PerfView to see which exact event id you care about. – mjsabby Jun 03 '14 at 06:54