2

I'm developing a very simple 3rd party anti-cheat app in C#. I've managed to create a code that will scan any .exe for forbidden strings like "aimbot" and "hack". But the way I did it is, you browse for a file to scan and click a button to scan it - and this works great. What I want now is that my tool will check the running user processes and scan them automatically. Is that even doable?

capoeira
  • 27
  • 4
  • You should do some research before asking a question. http://stackoverflow.com/questions/599663/retrieve-a-complete-processes-list-using-c-sharp – Jan Deutschl Oct 04 '16 at 11:50
  • Possible duplicate of [How can I know if a process is running?](http://stackoverflow.com/questions/262280/how-can-i-know-if-a-process-is-running) – Swagata Prateek Oct 04 '16 at 11:53

1 Answers1

0

If you already know the process names you want to go for, you can go with this.

    Process[] processMame = Process.GetProcessesByName("yourProcess");
    if (processMame.Length > 0)
    {
        /// You got your process here
        /// Do whatever you want 
    }


    Process[] processlist = Process.GetProcesses();
    foreach (Process process in processlist)
    {
        Console.WriteLine($"Process: {process.ProcessName} ID: {process.Id} Path: {process.MainModule.FileName}");
    }

You might want to make sure your app runs on administrator mode to do so. If you want the executable path you'd find it here on process.MainModule.FileName

Update:

I tried out opening a running executable and I was right on the fact that I would end up in an access violation even if Im administrator as that file is being used by other process now.

My suggestion would be if you want to check out an existing process, kill/dispose it, open it and do whatever you're supposed to do and if you feel this is not harmless, you restore it back.

You might need to make sure that your app has administrator privileges through manifest defined here.

For going for processes in current session:

If you want to have the processes in current active session (current active user who is logged in), you might want to go for something like:

    Process[] runningProcesses = Process.GetProcesses();
    var sessionId = Process.GetCurrentProcess().SessionId;

    var currentSessionProcesses = runningProcesses.Where(c => c.SessionId == sessionId).ToList();

    foreach (var process in currentSessionProcesses)
    {
        Console.WriteLine($"Process: {process.ProcessName} ID: {process.Id} Path: {process.MainModule.FileName}");
    }
Community
  • 1
  • 1
Swagata Prateek
  • 1,076
  • 7
  • 15
  • I don't know the process name, because it can be any cheat app that's why I need to scan all application running by a user – capoeira Oct 04 '16 at 12:13
  • How are you actually "scanning" this. You do get all the process lists right away and try to attach yourself to the process, but Im not sure that would be very fruitful – Swagata Prateek Oct 04 '16 at 12:59
  • It's simple it's like opening .exe in simple notepad and searching for forbidden phrase. As I mentioned I have the structure, my app reads a path to .exe from textbox but I need to write that path manually. What I need is something (no sure if my logic here is correct) that will read the running app paths, save the to file so then my script can 'check' them for forbidden strings. – capoeira Oct 04 '16 at 13:47
  • I updated my answer. You can find the executable path name from `process.MainModule.FileName`. Im not sure opening it as a text file would spawn any access violations. Be back with that soon – Swagata Prateek Oct 04 '16 at 14:01
  • Thank you, I think I'm getting there, I'm left with two problems 1st, this code produced and error when opening my app "A 32 bit processes cannot access modules of a 64 bit proces" and 2nd, is it possible to filter results to show only apps running by the user instead of all processes. – capoeira Oct 04 '16 at 14:33
  • First of all, try building your app on an Anycpu mode to make it adaptive to CPU specific issues. Im sure about getting owner info of a process, not sure that you can filter it out by username. Lemme try. – Swagata Prateek Oct 04 '16 at 15:08
  • I updated my answer with more info so you can have only processes on current session. Kindly upvote/mark my answer if it works for you. Have a nice day. – Swagata Prateek Oct 04 '16 at 15:14