可以检测到.exe是如何启动的吗? [英] Can one detect how .exe was launched?

问题描述

我希望能够检测给定的exe是否通过程序进行shellex编程，或者是否在例如CMD.EXE中以交互方式输入和执行.

I want to be able to detect whether a given exe was shellex'd programmatically or if it was entered and executed interactively in, say, CMD.EXE.

关于exe的启动方式是否有任何指示启动它的机制的信息?

Is there anything about the way an exe is launched that indicates the mechanism that was used to launch it?

上下文:Windows XP，Visual Studio 6语言.

Context: Windows XP, Visual Studio 6 languages.

推荐答案

也许有更简单的方法，但是我能想到的唯一方法是检查父进程名称，这涉及几个步骤:

There might be an easier way, but the only way I can think of is to check the parent process name, which involves a few steps:

1. 获取父进程的ID .
2. 获取流程的句柄，使用ID.
3. 在句柄中使用 GetModuleFileNameEx 找到(并将NULL作为模块)以获取可执行文件的名称.
4. 检查可执行文件的名称是cmd.exe还是其他名称.

1. Get the ID of the parent process.
2. Get the handle of the process, using the ID.
3. Use GetModuleFileNameEx with the handle found (and NULL as the module) to get the executable's name.
4. Check if the executable's name is cmd.exe or whatever.

请记住，当您(或同时)执行此检查时，父进程可能已经消失了.

Bear in mind that the parent process might already be gone when (or while) you do this check.

如果您的程序是控制台应用程序，则还可以检查其正在运行的控制台.如果它是从cmd运行的，则通常将使用同一控制台.因此，您可以使用 GetConsoleTitle 例如，查看是否为命令提示符".这可能不适用于Windows的本地化版本或其他版本，但是如果情况有限，这很容易.您还可以使用 GetConsoleWindow 和 GetWindowThreadProcessId 而不是步骤1和2.

If your program is a console application, you can also check the console it's running in. If it was run from cmd, it will usually use the same console. So, you can use GetConsoleTitle, for instance, and see if it's "Command Prompt". This might not work on localized or different versions of Windows, but it's easy if you have limitated cases. You can also use GetConsoleWindow and GetWindowThreadProcessId instead of steps 1 and 2.

这篇关于可以检测到.exe是如何启动的吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！