0

Does System.Diagnostics.Process.Start() hook into the process it starts?

I would like to find a way to run a process from a C# app without the process knowing that it started as a result of the C# app. Is this the default behavior of Process.Start(), or do I need to do anything different / extra?

In other words, does the process being started have any way of telling that it was run from a C# app, or is it just like any other file being opened?

Little Catman
  • 13
  • 8
  • Pass it some arguments ;) – Luke Hutton Apr 06 '15 at 23:46
  • The top answer for this question http://stackoverflow.com/questions/17321289/use-process-start-with-parameters-and-spaces-in-path gives an example of how to do what you suggest. – Mathemats Apr 06 '15 at 23:47
  • 1
    Ideally, I would rather the application be **oblivious** to the C# app. That said, the default behavior is that it does not do anything special to the executable being run, and is no different than being run from desktop, or the like? – Little Catman Apr 06 '15 at 23:48
  • @Mathemats I don't believe that's what he is asking –  Apr 07 '15 at 00:14
  • @MickyDuncan Given his latest comment it would appear so. – Mathemats Apr 07 '15 at 00:51
  • 1
    Why would you want this? – Sam Axe Apr 07 '15 at 01:20
  • Why is this so important after all? Does the target program behaves differently is it's started from Explorer rather your own program? I still have to see a Windows program that cares about this at all. – Alejandro Apr 07 '15 at 01:26

1 Answers1

3

I would like to find a way to run a process from a C# app without the process knowing that it started as a result of the C# app

In other words, does the process being started have any way of telling that it was run from a C# app, or is it just like any other file being opened?

C# apps are run as a Window's process and due to that fact, the spawned process may use the Win32 function Process32First() to query information about the parent, specifically the parent process ID. Now it is entirely possible that by the time the child process obtains this information the parent may have terminated and Windows re-used the process ID for an entirely different process. Regardless, the child process could test the "parent" process to learn whether it is .NET or not.

Proxy

If you want to prevent the child process learning anything about your process (in this case whether it is .NET) then you could spawn it via a proxy.

In the diagram below, A is your process; Z is your spawned process. ---> is a spawning operation.

Change:

A ---> Z

...to:

A ---> P ---> Z

...where P is an intermediate proxy process that runs Z on your behalf. P exits immediately after creating the process. It will be highly improbable that Z could back-track back to A.

Make the Proxy Native Code

I would like to find a way to run a process from a C# app without the process knowing that it started as a result of the C# app

To further hide the fact that the immediate parent is not .NET, consider making the proxy in native code.

Make the Proxy an Out-of-process COM Server

Unlike the prior intermediate proxy example in c# or native code, there still exists the possibility that a process lineage may be learned back to your .NET app.

However if your A process instantiates a COM object hosted in a OoP COM Server P, then the spawned process will not be able to trace it back to you because I'm pretty sure COM-activation is different to spawning a new process and so may not be subject to inheritance. Particularly if the COM Server is long-running and was running prior to A.

---> **P**...
          |
          |
          V
          **Z**...
      
------> **A**...

Tell me more

Community
  • 1
  • 1