0

I'm writing an application in C# and for security reasons it is important for me to know when its process(Process A) has been killed or closed.

My first thought is to make another process (Process B) watch Process A and react accordingly if this process no longer exists. The problem is obvious, though: Closing Process B will make it possible to close Process A.

This is probably a (kind of)common situation and as such, there is likely already a solution for it. Unfortunately I wasn't able to find one.

What are common ways to achieve this?

AsPas
  • 359
  • 5
  • 22
  • 1
    Does this answer your question? [C# detect process exit](https://stackoverflow.com/questions/9432870/c-sharp-detect-process-exit) – Sinatr Jun 23 '20 at 13:28
  • No, because some kind of process or application (in my question Process B) will have to watch Process A. If I just end Process B before Process A, I will not be able to react to Process A termination – AsPas Jun 23 '20 at 13:30
  • I'm assuming that Process B's job is to clean up in case Process A crashes. If you make Process B as simple as possible, then you can minimize the chance that it itself crashes. If the end user uses Task Manager to terminate Process B, then that's their problem. Another option is to have Process A commit suicide if it notices that Process B has died. But what you don't want is some conspiracy of unkillable processes. – Raymond Chen Jun 23 '20 at 14:19
  • 1
    Closing either through command line or Task manager is what I want to detect specifically. The user is free to end the process but doing so should trigger a clean up routine. This, again, is for security purposes so it is not optional. Process B is just theoretical. My goal is to detect if Process A just been closed or terminated (by any means) and trigger a clean up procedure if so. – AsPas Jun 23 '20 at 14:27
  • If these programs run as the user, the user has full control over them and can terminate them while bypassing any cleanup. (For example, the user could attach a debugger to the processes and patch out the code that does the cleanup.) Typically, this falls in the category of "The user got what they deserved." They left their own data insecure and are now paying the consequences. If you need to prevent the user from making their own life miserable, the enforcement will have to come from another security level. E.g., have Program B be a service. – Raymond Chen Jun 26 '20 at 14:36
  • The issue is that the program A is a watchdog program that runs inside of a Sandbox. Its purpose is to keep the user from messing with the windowsregistry. If the user does decide to do this, the watchdog program will simply close the Sandboxed session and the user will return to his desktop. I understand the implications of a mythical "unkillable process", but that would be very pertinent in my situation, since the user can always just close the sandbox. I guess I will have to rethink a good chunk of the system. Thanks anyway! – AsPas Jun 26 '20 at 15:18

1 Answers1

0

You can make use of the Process.Exited Event. By subscribing to this event, you can have a callback which will be called when the process has exited or has been terminated.

There is a good example on how to use it in the documentation : https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.process.exited?view=netcore-3.1

S_Mindcore
  • 93
  • 1
  • 10
  • I will test this. But I'm pretty sure if you kill the parent process the event will not trigger. – AsPas Jun 23 '20 at 13:42
  • 1
    On SO we prefer to close questions as duplicates, instead of giving answers again and again to similar questions. See [this answer](https://stackoverflow.com/a/9432911/1997232). I already voted this question as duplicate of that. I give it what you may post answer without seeing my comment. – Sinatr Jun 23 '20 at 14:47
  • I must admit that I did not search for potential existing questions before answering this one, sorry about that :) You're right, I'll mark it as duplicate too ! – S_Mindcore Jun 23 '20 at 14:55