Return process paths

[vitoto]

Hi guys, any know "How return the path the all .exe programs running in memory" ???

I enumerate process but need return name.exe and path the folder where is ejecuted.

Is posible using Reflector or similar ?

Thank you.

 

[JohnH]

[SIZE=2][COLOR=#0000ff]Dim [/COLOR][/SIZE][SIZE=2]localByName [/SIZE][SIZE=2][COLOR=#0000ff]As [/COLOR][/SIZE][SIZE=2]Process() = Process.GetProcessesByName("Notepad")
[/SIZE][SIZE=2][COLOR=#0000ff]For Each [/COLOR][/SIZE][SIZE=2]pcs [/SIZE][SIZE=2][COLOR=#0000ff]As [/COLOR][/SIZE][SIZE=2]process [/SIZE][SIZE=2][COLOR=#0000ff]In [/COLOR][/SIZE][SIZE=2]localbyname
msgbox(pcs.MainModule.FileName)
[/SIZE][SIZE=2][COLOR=#0000ff]Next
[/COLOR][/SIZE]

 

[vitoto]

thank

Hi man, you are the expert in process issues.

I go try that code, i working in big free proyect Anticheat and expert crackers try attack the proyect.

Maybe you have interest in participate in Credits and take some challengers.

I have complex challenger and not can get expert helping.

Read this :

I have game in memory and cheats need get pid the process for modify vars and active cheats options.

Exit cool comercial software called, Antihook 2.5 the Infoprocess.
http://www.infoprocess.com.au/AntiHook.php

This software protect process the attack the external programs.

Check this URL
http://kareldjag.over-blog.com/article-1232530.html


You have some ANy idea for make similar Protection ?

 

[vitoto]

AntiHook

AntiHook:


<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">

 

[JohnH]

I think the best answer is

- learn in detail all the methods used to hook into other processes while they are running.
- learn in detail all the methods used to patch/crack other applications when they are not running.

- find ways to detect and block all these methods in runtime and/or startup.

So you understand this is an immensely big topic.

Detecting specific known processes that may posess the ability to make problems for you when they start (and just shut them down) is just one of very many things to do to protect yourself - and not a good one either.

What if (this is a retorical question!) someone wanting to cheat your game, hides his cracker in windows directory and names it Notepad.exe - Are you really going to shut down all Notepad processes for people running your game? NO.

 

[vitoto]

,,,

- learn in detail all the methods used to patch/crack other applications when they are not running.
**** This is fixed, i launch my process game and control.

- learn in detail all the methods used to hook into other processes while they are running.
**** That working in Antihook 2.5 Software

I not want close all notepad.exe opend, i want block or alert when some notepad.exe try get process the game running in memory.

cheat need get PID for change values in hex vars.

What happend, IF my GR Process was started in EnableDebugMode ?

Mayne some APIHook the tipicals API used by cheats when try attach to Game Process.

I have 6 months, in investing the problem.
We have release 1.0 working, but we need some more advanced and similar to AntiHook 2.5
http://www.infoprocess.com.au/AntiHook.php


We need help the expert Programer for Help in this problem.

 

[JohnH]

Linking article describing three ways to inject/hook into another process:
http://www.codeguru.com/Cpp/W-P/system/processesmodules/article.php/c5767/
(there is more links to relevant articles below also)
See if any of them are relevant to how a hacker may cheat your game, and see if there is at some point in that process you can detect/stop the intruder.
My guess is it's best to know the function calls and track them in the low level Windows messaging system, and when you are positive an attack is attempted then shut down that process.
(all function calls result in system messages at some level)
I could be wrong, but I don't think it is possible to detect the intrusion only from inside your game, you have to look 'outside' and analyze what's happening for other system processes.

 

[vitoto]

..

Yes man, this is complex challenger.

I try get solution maybe in year 2006