当用户启动另一个 exe 文件/程序时,在 c# winforms 程序中检测
[英]Detect in c# winforms program when user start another exe file / program
问题描述
I am developing an antiheat c# program that communicates with my game server.
我正在开发一个与我的游戏服务器通信的 antiheat c# 程序。 The program when started needs to check started programs and scan for bad ones.程序在启动时需要检查启动的程序并扫描坏程序。 Also it needs to scan the started programs continuously, because users can run exe applications to cheat in game.还需要不断扫描启动的程序,因为用户可以运行exe应用程序在游戏中作弊。
The problem is that programs can be rewritten (aimbot.exe to something.exe) so the detection can't be done by name.问题是程序可以被重写(aimbot.exe 到 something.exe),所以检测不能通过名称来完成。 How could I detect active running programs?如何检测正在运行的活动程序? Also would it be viable to find exe files from open programs, then get the MD5 hash from those exe files and compare them to a list of known cheat programs?从打开的程序中找到 exe 文件,然后从这些 exe 文件中获取 MD5 哈希值并将它们与已知作弊程序列表进行比较是否可行? Is it possible, or there is a better solution?是否有可能,或者有更好的解决方案?
EDIT: The main problem is AimBot - it is an application designed to automatically aim at a player, you just need to press left mouse button to shoot, and every hit is 100% accurate.编辑:主要问题是 AimBot - 它是一个旨在自动瞄准玩家的应用程序,您只需要按鼠标左键即可射击,并且每次命中都是 100% 准确的。 My program is for a mod Gta San Andreas Multiplayer, so is there a way maybe to detect if some application attaches to the game?我的程序适用于 mod Gta San Andreas Multiplayer,那么有没有办法检测某些应用程序是否附加到游戏中?
1 个解决方案
解决方案1
0 已采纳 2014-03-22 20:57:12
You could get a list of the currently running processes using the Process.GetProcesses() method:您可以使用Process.GetProcesses()方法获取当前正在运行的进程的列表:
try
{
var processes = Process.GetProcesses();
foreach (var process in processes)
{
Console.WriteLine(String.Format("{0} - {1}", process.Id, process.ProcessName));
Console.WriteLine(process.MainModule.FileName);
}
}
catch (Exception exception)
{
Console.WriteLine(exception.Message);
}
Using the Process object, you could retrieve information like full file name, type, start time, and so on, in order to calculate the check sum from the file size for example.使用Process对象,您可以检索诸如完整文件名、类型、开始时间等信息,以便根据文件大小计算校验和。
You can calculate the MD5 hash for example for the process name using the MD5 ComputeHash() method like this:例如,您可以使用MD5 ComputeHash()方法计算进程名称的MD5 哈希,如下所示:
try
{
var md5 = MD5.Create();
var processes = Process.GetProcesses();
foreach (var process in processes)
{
var md5Hash = md5.ComputeHash(Encoding.ASCII.GetBytes(process.ProcessName));
var md5HashAsBase64 = Convert.ToBase64String(md5Hash);
Console.WriteLine(String.Format("{0} - {1} - {2}", process.Id, process.ProcessName, md5HashAsBase64));
}
}
catch (Exception exception)
{
Console.WriteLine(exception.Message);
}
You can pull the list of the running processes constantly with the above code, or you could intercept the creation/start of new processes using windows hook.您可以使用上述代码不断拉取正在运行的进程列表,或者您可以使用 windows hook拦截新进程的创建/启动。 The problem is, that the second option is not an easy matter.问题是,第二种选择不是一件容易的事。 You could find more info about hooks: here - Hooks in Visual Studio with C# , Windows hooks and here Windows Hooks with .NET Framework .您可以找到有关钩子的更多信息:此处 - 带有 C# 的 Visual Studio 中的钩子、 Windows 钩子和此处的带有 .NET Framework 的 Windows 钩子。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.