C#钩Windows进程,以检查调试过程 [英] C# Hook Windows Processes to Check for Debugging Processes
问题描述
我在想,如果有一种方法,我可以勾了Windows进程,以检查是否有可疑的程序都一样(Wireshark的,提琴手,OllyDbg的,等等)上运行。
I was wondering if there is a way I could hook the windows processes to check if any suspicious programs are running like (Wireshark, Fiddler, OllyDBG, etc).
我要挂钩的Windows进程,因此将关闭客户端或弹出实时信息检测到有害的程序时。
I want to hook the windows processes so it will close the client or pop-up a message in real time when it detects a unwanted process.
如果你们能为我提供做这个的任何链接,将是很好的。
If you guys can provide me with any links to doing this that would be nice.
谢谢!
推荐答案
您可以检测过程中的创作通过使用WMI创造事件的 的Win32_Process
。 的Win32_Process
与每个进程创建的,因此寻找新的实例会告诉你有关进程创建的(近)实时的实例。
You can detect process creations by using WMI creation events for Win32_Process
. An instance of Win32_Process
is created with each process, so looking new instances will tell you about process creation in (near) real time.
要获得WMI创建事件看到这个页面: HTTP:/ /msdn.microsoft.com/en-us/library/system.management.eventquery.aspx 。(编辑:不同的链接,现在在C#示例)
To receive WMI creation events see this page: http://msdn.microsoft.com/en-us/library/system.management.eventquery.aspx ( different link, now to sample in C#).
这篇关于C#钩Windows进程,以检查调试过程的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!