Search running processes for md5 hash

Xonos

Allow me to start from the beginning. I am a novice script writer, but I wrote a small script that reads a txt file. In the text file, there are executable names (IE: halo.exe,tetris.exe,ptanks.exe). The script is in a loop constantly reading this file, and if a process exists, it will close it. (I use this for a school.) Now, unfortunately, if the executable is renamed to a random name, it will bypass the script easily and I can't keep track of that. Is there a way to read all running processes' hashes and have it close programs according to their hash instead? Or perhaps a better method?

Here is the previous script:

Opt("TrayIconHide", 1)

While 1
    $file = FileOpen("glist.txt", 0)
    ;no error checking on opening this file
    ;since the end user does not need to see that info
    ;and the loop will attempt to open the file later
    $whole_file = FileRead($file)
    FileClose($file)

    If StringInStr($whole_file, ",") = 0 Then
        If ProcessExists($whole_file) Then
            ProcessClose($whole_file)
        EndIf
    Else
        $games = StringSplit($whole_file, ",")
        For $i = 1 To $games[0]
            If ProcessExists($games[$i]) Then
                ProcessClose($games[$i])
                Sleep(99)
            EndIf
        Next
    EndIf
    Sleep(1000) ;1000 ms = wait 1 second between passes
    SplashOff()
WEnd

GodlessSinner

MD5? I don't know, but you can do it like this:

- Search the forum for "process path".

- Make a file that contains a list of the folders in which the game exes are installed.

- Loop over the processes, compare their paths with the noted ones, and close if they are equal.

Inverted

You want to check running processes for known executables? I'd keep a list of the executables' CRC or MD5, then for each running process, get the full pathname of the executable and check that. So renamed exes will still be detected.

It can be easily bypassed by changing the executable a little, or using another version of it, though ...

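The approach Inverted describes (resolve each running process to its executable path, hash the file, compare against a list of known digests), written in AutoIt as an added example; it is not code posted by anyone in the thread. The blocklist file name `ghash.txt`, its one-digest-per-line format, the 5-second interval and the path-plus-modification-time cache are assumptions made for this example.

```autoit
#include <Crypt.au3>
#include <WinAPIProc.au3>

Opt("TrayIconHide", 1)
_Crypt_Startup()
OnAutoItExitRegister("_Crypt_Shutdown")

; Assumed blocklist (not from the thread): one MD5 hex digest per line
Global Const $HASH_FILE = "ghash.txt"
; Cache "path|mtime" -> MD5 so each executable is hashed once, not on every pass
Global $oCache = ObjCreate("Scripting.Dictionary")

While 1
    $sBlocked = _LoadHashes($HASH_FILE)
    $aProc = ProcessList()
    For $i = 1 To $aProc[0][0]
        $sPath = _WinAPI_GetProcessFileName($aProc[$i][1])
        If @error Or $sPath = "" Then ContinueLoop ; protected/system process, no path
        $sMD5 = _FileMD5($sPath)
        If $sMD5 <> "" And StringInStr($sBlocked, "|" & $sMD5 & "|") Then
            ProcessClose($aProc[$i][1]) ; close by PID, the image name is irrelevant
        EndIf
    Next
    Sleep(5000)
WEnd

Func _LoadHashes($sFile)
    Local $sList = "|"
    Local $aLines = FileReadToArray($sFile)
    If @error Then Return $sList ; missing or empty file: nothing is blocked
    For $i = 0 To UBound($aLines) - 1
        Local $sHash = StringUpper(StringStripWS($aLines[$i], 8))
        If StringRegExp($sHash, "^[0-9A-F]{32}$") Then $sList &= $sHash & "|"
    Next
    Return $sList
EndFunc

Func _FileMD5($sPath)
    Local $sKey = $sPath & "|" & FileGetTime($sPath, 0, 1)
    If $oCache.Exists($sKey) Then Return $oCache.Item($sKey)
    Local $dHash = _Crypt_HashFile($sPath, $CALG_MD5)
    If @error Then Return "" ; unreadable file: treat as no match
    Local $sHex = StringUpper(Hex($dHash))
    $oCache.Add($sKey, $sHex)
    Return $sHex
EndFunc
```

Processes the script has no rights to open return no path and are skipped, so it needs to run with at least the privileges of the accounts it monitors. An exact digest match still has the limit Inverted points out: any change to the file, or a different version of it, produces a different hash.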