How to get strings from other processes

StackOverflow https://stackoverflow.com/questions/22291215

  •  12-06-2023
  •  | 
  •  

Frage

I'm trying to make a security software in C# which monitors all the words on other processes and act when a specific word is found. Example: my application would show a message box saying "Beware the viruses!" when any other running process contains the word "torrent". I hope anyone got my idea.

Update:
Oh, and for who realize it yet, it's still a crude idea. That's why I gave a very simple example (which I know would be useless on a real program).

Update 2: The why
I know a software called Block Free 4. It blocks programs which contains the blacklisted words. It's a lightweight software and Works well. But I'd like to improve these features and make a better program.

War es hilfreich?

Lösung

This does not sound like a good idea, except maybe as a joke program. It would be absurdly slow, and would become classified as malicious, as well as useless. However, there is at least some educational value in this.

It should be possible as long as you are running as admin. Note that even admin cannot perform this action on certain System processes.

First, you will need to acquire SeDebugPrivilege. See this example.

Then, you need to enumerate all processes. See this example: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682623(v=vs.85).aspx

Then, use Open Process on every PID, using PROCESS_ALL_ACCESS. If you get ERROR_ACCESS_DENIED, you probably didn't acquire SeDebugPrivilege correctly.

Use ReadProcessMemory to read the process's memory and store it in a buffer. Some processes will have a massive amount of memory and you will probably need to break it into chunks. You will also need to be robust in your error handling.

Then, scan the buffer for your desired string, and do something if you find it.

You would probably repeat all of the above every 10 seconds or so.

Note: From C#, you will need to p-invoke for these API's. C# is not the best language for this type of nonsense, but it's possible... I recommend native code, however.

Andere Tipps

Debuggers such as Windbg have in-memory string search functionality.

Related: https://stackoverflow.com/a/10602366/2855568

In addition to the existing answers, WinDBG is a GUI front end for the DbgEng API. You can use this API to write either WinDBG extensions or other standalone applications. The WinDBG SDK ships with samples of both, an example standalone application can be found in the \sdk\samples\dumpstk subdirectory of your WinDBG install.

For more information, I wrote an article about DbgEng to write extensions here:

http://www.osronline.com/custom.cfm?name=articlePrint.cfm&id=559

Most of that will also apply for how you write a standalone application as it mostly focuses on the programming pattern of the DbgEng interface.

Well, VoidStar gave the correct answer for my initial question, and I think it's going to be useful to others in the future anyway. But that's not really useful for me, as I don't want all the problems that would involve. I figured out that I would have to stick to a more simple way to achieve that. By:

Getting the window title: How do I get the title of the current active window using c#?

Getting the URL from web browsers (helped, but didn't solve): Get URL from browser to C# application

These two actions looks to be all you can do to make a good applications with my objectives.

I hope I helped. And thanks to everyone that actually helped.

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top