C# Hook Windows Processes to Check for Debugging Processes

Submitted by 自作多情 on 2019-12-24 10:32:09

Question


I was wondering if there is a way I could hook the Windows processes to check if any suspicious programs are running (like Wireshark, Fiddler, OllyDBG, etc.).

I want to hook the Windows processes so it will close the client or pop up a message in real time when it detects an unwanted process.

If you guys can provide me with any links to doing this that would be nice.

Thanks!


Answer 1:


Process[] processlist = Process.GetProcesses();

Then walk the list and do as desired for your apps you do not want to run.




Answer 2:


You can detect process creations by using WMI creation events for Win32_Process. An instance of Win32_Process is created with each process, so looking for new instances will tell you about process creation in (near) real time.

To receive WMI creation events see this page: http://msdn.microsoft.com/en-us/library/system.management.eventquery.aspx (EDIT: different link, now to sample in C#).
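
Added example (not part of the answers above, and not code from the original page): a console program that combines the one-time `Process.GetProcesses()` sweep from Answer 1 with the `Win32_Process` creation-event subscription described in Answer 2. The watch list, class name and output format are constructed for illustration; the project is assumed to reference `System.Management`.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Management; // assumption: System.Management is referenced (NuGet package on .NET Core/5+)

static class ProcessCreationMonitor
{
    // Constructed watch list; entries are image names without the .exe extension.
    static readonly HashSet<string> Watched = new HashSet<string>(
        new[] { "wireshark", "fiddler", "ollydbg" }, StringComparer.OrdinalIgnoreCase);

    static void Main()
    {
        // Creation events only cover processes started after the subscription,
        // so sweep what is already running first.
        foreach (Process p in Process.GetProcesses())
            Report(p.ProcessName, (uint)p.Id, "already running");

        // Intrinsic WMI event raised when a new Win32_Process instance appears.
        // WITHIN 1 makes WMI poll once per second, hence "near" real time.
        var query = new WqlEventQuery(
            "__InstanceCreationEvent",
            TimeSpan.FromSeconds(1),
            "TargetInstance ISA 'Win32_Process'");

        using (var watcher = new ManagementEventWatcher(query))
        {
            watcher.EventArrived += (sender, e) =>
            {
                // TargetInstance is the Win32_Process object that was just created.
                var proc = (ManagementBaseObject)e.NewEvent["TargetInstance"];
                string image = (string)proc["Name"] ?? "";
                Report(Path.GetFileNameWithoutExtension(image), (uint)proc["ProcessId"], "started");
            };
            watcher.Start();
            Console.WriteLine("Watching for process creation. Press Enter to stop.");
            Console.ReadLine();
            watcher.Stop();
        }
    }

    static void Report(string name, uint pid, string state)
    {
        if (Watched.Contains(name))
            Console.WriteLine($"{DateTime.Now:T} watched process {state}: {name} (PID {pid})");
    }
}
```

Matching on image name alone is defeated by renaming the executable, and a process that starts and exits between two polling intervals may never produce an event, so treat the result as a signal rather than a guarantee.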




Answer 3:


EnumWindows enumerates all top level windows.

And you don't want to inject a C# dll into other processes. This requires the .net runtime to be loaded into that process. This wastes RAM, and if the process is a .net app using a different version of .net then there are versioning problems. Especially if your dll is injected before the process loads its own version of .net.

And what do you want to achieve by injecting into that process that you can't achieve from the outside?




Answer 4:


You might want to check out EasyHook on CodePlex (http://easyhook.codeplex.com). Here is some discussion where people reportedly have been able to hook into CreateProcess. If you manage to hook into that API function you know of the created process at creation time.



Source: https://stackoverflow.com/questions/3902404/c-sharp-hook-windows-processes-to-check-for-debugging-processes
