
Search running processes for md5 hash



Allow me to start from the beginning. I am a novice script writer but I wrote a small script that reads a txt file. In the text file, there are executable (IE: halo.exe,tetris.exe,ptanks.exe) names. The script is in a loop constantly reading this file and if a process exists, it will close it. (I use this for a school.) Now, unfortunately if the executable is renamed to a random name, it will bypass the script easily and I can't keep track of that. Is there a way to read all running processes' hashes and have it close programs according to their hash instead? Or perhaps a better method?

Here is the previous script:

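Opt("TrayIconHide", 1)

While 1
    $file = FileOpen("glist.txt", 0)
    ;no error checking on opening this file
    ;since the end user does not need to see that info
    ;and the loop will attempt to open the file later
    $whole_file = FileRead($file)
    FileClose($file) ;release the handle so it is not leaked on every pass

    If StringInStr($whole_file, ",") = 0 Then
        ;single entry in the file: no comma to split on
        If ProcessExists($whole_file) Then
            ProcessClose($whole_file)
        EndIf
    Else
        ;comma-separated list: $games[0] holds the number of entries
        $games = StringSplit($whole_file, ",")
        For $i = 1 To $games[0]
            If ProcessExists($games[$i]) Then
                ProcessClose($games[$i])
            EndIf
        Next
    EndIf
    Sleep(1000) ;1000 ms = one pass per second
WEnd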


MD5? - I don't know, but you can do it like this:

- search the forum for "process path"

- make a file containing a list of folders in which the game exes are installed.

- loop over the processes, compare paths with the noted ones, close if =.



You want to check running processes for known executables? I'd keep a list of the executables' CRC or md5, then for each running process, get the full pathname of the executable and check that. So renamed exes will still be detected.

It can be easily bypassed by changing the executable a little, or using another version of it, though ...

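The approach suggested in the replies above (get the full path of each running process, hash the file, compare against a list of known hashes), as an added AutoIt example that is not part of the original thread. The file name hashlist.txt, its one-MD5-per-line format and the function name _CloseBlocked are assumptions; the script uses the standard Crypt.au3 and WinAPIProc.au3 UDFs.

```autoit
#include <Crypt.au3>
#include <WinAPIProc.au3>

; Added example, not from the thread. Assumed input: hashlist.txt holds one
; MD5 per line as 32 hex digits (file name and format are assumptions).
Opt("TrayIconHide", 1)
_Crypt_Startup()
; Cache "PID|path" -> hash so each process is hashed once, not every pass
Global $oSeen = ObjCreate("Scripting.Dictionary")

While 1
    Local $aBlocked = FileReadToArray("hashlist.txt")
    If Not @error Then _CloseBlocked($aBlocked)
    Sleep(10000) ; one pass every 10 seconds
WEnd

Func _CloseBlocked(ByRef $aBlocked)
    Local $aProcs = ProcessList()
    For $i = 1 To $aProcs[0][0]
        Local $iPID = $aProcs[$i][1]
        ; Full path of the image on disk; empty for processes we cannot open
        Local $sPath = _WinAPI_GetProcessFileName($iPID)
        If $sPath = "" Then ContinueLoop
        Local $sKey = $iPID & "|" & $sPath
        If Not $oSeen.Exists($sKey) Then
            Local $dHash = _Crypt_HashFile($sPath, $CALG_MD5)
            If @error Then ContinueLoop
            $oSeen.Add($sKey, Hex($dHash))
        EndIf
        Local $sHash = $oSeen.Item($sKey)
        For $j = 0 To UBound($aBlocked) - 1
            ; "=" compares strings case-insensitively in AutoIt
            If StringStripWS($aBlocked[$j], 3) = $sHash Then
                ProcessClose($iPID)
                ExitLoop
            EndIf
        Next
    Next
EndFunc
```

Because the match is on file contents, a renamed copy is still closed, while a modified or different-version executable produces a different hash and is not matched, as the last reply points out.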
