如何检查 Windows 进程是由用户还是其他进程启动的?
[英]How to check whether a windows process was launched by user or another process?
问题描述
My question is very similar to this one, but I am hoping for clarification.
我的问题与这个问题非常相似,但我希望得到澄清。 I'm asking about Windows in particular.我特别询问 Windows。 It is noted in the comments there that we can check the parent process.在那里的评论中指出,我们可以检查父进程。 That's fine, but I'm wondering how robust that is in practice.这很好,但我想知道这在实践中有多强大。
- When a user launches a program, can you count on the parent process to be always the same (and what would that be)?当用户启动一个程序时,您能否指望父进程始终相同(以及那会是什么)?
- Conversely, if a program is launched by another program, can it somehow be made to appear that a user launched it?相反,如果一个程序是由另一个程序启动的,是否可以以某种方式使用户启动它?
1 个解决方案
解决方案1
1 已采纳 2018-02-16 09:24:35
There is no reliable way to verify, whether a process was started in response to user interaction or not.没有可靠的方法来验证进程是否是响应用户交互而启动的。
When a user launches a program, can you count on the parent process to be always the same (and what would that be)?
No. There is an unbounded number of applications that users can interact with to launch a process (Windows File Explorer, Total Commander, Windows Command Prompt, ConEmu, Cygwin, and so on).否。用户可以与之交互以启动进程的应用程序数量不限(Windows 文件资源管理器、Total Commander、Windows 命令提示符、ConEmu、Cygwin 等)。 In addition, the parent process could long be gone by the time you are checking.此外,在您检查时,父进程可能早已消失。
Conversely, if a program is launched by another program, can it somehow be made to appear that a user launched it?
There is no property inherent to a process launched by a user.用户启动的进程没有固有的属性。 The question whether you can establish a property that doesn't exists is rather philosophical.你是否可以建立一个不存在的财产的问题是相当哲学的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.