Sign in to follow this  
Followers 0
ParoXsitiC

ProcessExists

11 posts in this topic

I am developing a cheat detection system for an external program. I am having all the players who want to play have to open a program (client) and then it will connect to the server. I have it so clients can talk in a chatroom (thanks to larry) and I made it so the server lists everyone who is connect in a treeview. The thing is I only want online people to be the ones who dont have cheats. So before the client connects to the server, it checks to see if any processes are running. In short anything program that will modifty the keyboard delay speed or macro.

If ProcessExists("Keyboard King.exe") OR WinExists ( "Keyboard King Settings") Then
        MsgBox(48, "Cheat Detected!", "A cheat has been detected. Terminate the cheat and try again.", 5)
        Exit
    EndIf

I am using the processexist but there seems to be an easy work around. If someone simply renames the Keyboard King.exe in the program files, such as renaming it to "Keyboard King2.exe" then it wont detect that process is the same. What I am asking for is a better way to check for a process based on its original or path. I want to to be able to detect the Keyboard King process no matter what they name the executeable.

Thanks.

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

$WINDOW = "Keyboard King Settings"
$PID = WinGetProcess($WINDOW)
If ProcessExists($PID) Then
MsgBox(48, "Cheat Detected!", "A cheat has been detected. Terminate the cheat and try again.", 5)
ProcessClose($PID); Seems like you want that and not "Exit"
EndIf

Edit:

The only reason I can see that you would want to know where the path came from is if you actually wanted to do a ProcessClose.

Other wise, the WinExists would have been just as effective.

Edited by ronsrules

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Well you see the winexists is just another method. Keyboard King for example starts off minimized and no window will be detected. I want the path of the program that way if i cant no for sure or not if its keyboard king by its Original name or by its Process Name, Then I could scan the processes' paths and see if any of them orginate from program files\keyboardking. Ideally checking the process .exe name, the processes' name, the orignal name, and the programs paths would be the best way to stop this certain program from running.

A user could just change the name of the exe and ProcessExists would not work anymore.

As with Orignal name and Process name, both of these could be hex edited to be something different.

And finally they could just rename the path of the program.

However, I think that noone in this game will go to such great heights just to cheat, the game only consists of 50 or so people.

Share this post


Link to post
Share on other sites

Doesn't matter if the window is minimized with my example. Just matters if it exists at all...


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

To help explain what I am trying to get at when I have "Keyboard King.exe" and I run it. ProcessExists will detect it. Now if I rename "Keyboard King.exe" to "Keyboard King2.exe" ProcessExists will not detect it because the module was renamed. ProcessExists only checks for Modules, not true names.

I will use Ad-Aware 6's ProcWatch as an example for my data.

================================

Unamed:

Module: Keyboard King.exe

Name: Keyboard King

ClassName: KeyboardKing

Path: C:\Program Files\Keyboard King\

Renamed to "moomooshoe":

Module: moomooshoe.exe

Name: Keyboard King

ClassName: KeyboardKing

Path: C:\Program Files\Keyboard King\

--------------------------------------------------------------------------------

Instead of using ProcessExists, which only checks for Process Modules. I would like to either use name, classname or path to detect the process. If possible, all of them.

====================================

ron:

To my knowledge there is no default window that opens when the process is ran. You run the EXE and it resides in the taskbar, no windows open. The "Keyboard Settings" Window is a window that gets created when you click the icon on the taskbar to change the settings. In my orignal post the Keyboard Settings part shouldnt even be there, it is unrelated to my question about the process.

However, I did try your method just to see if it would work, and it did not. It would however close the process once I would click on the taskbar and the window appeared.

And just as a note, I do want the AutoIT script to end if a cheat has been detected, not the cheat.

Edited by ParoXsitiC

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

With WinGetProcess(), you're finding the name of the executible with that window name. As you said, you're not trying to let the user know not to run the program,

the processes' name, the orignal name, and the programs paths would be the best way to stop this certain program from running.

It will return the Process .exe no matter what directory they've put it in or what rename that they have done to the executible.

ron:

To my knowledge there is no default window that opens when the process is ran. You run the EXE and it resides in the taskbar, no windows open. The "Keyboard Settings" Window is a window that gets created when you click the icon on the taskbar to change the settings. In my orignal post the Keyboard Settings part shouldnt even be there, it is unrelated to my question about the process.

However, I did try your method just to see if it would work, and it did not. It would however close the process once I would click on the taskbar and the window appeared.

And just as a note, I do want the AutoIT script to end if a cheat has been detected, not the cheat.

Ok, so you could try this:

$WINDOW = "Keyboard King Settings"
If Not WinActive($WINDOW) Then WinActivate($WINDOW)
$PID = WinGetProcess($WINDOW)
If ProcessExists($PID) Then
MsgBox(48, "Cheat Detected!", "A cheat has been detected. Terminate the cheat and try again.", 5)
ProcessClose($PID); Seems like you want that and not "Exit"
EndIf

Or (I don't know if this would work)

$WINDOW = "Keyboard King Settings"
ControlShow($WINDOW, "", "")
$PID = WinGetProcess($WINDOW)
If ProcessExists($PID) Then
MsgBox(48, "Cheat Detected!", "A cheat has been detected. Terminate the cheat and try again.", 5)
ProcessClose($PID); Seems like you want that and not "Exit"
EndIf

I don't know if the actual window has a control id but try it without the control id.

Edited by ronsrules

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Neither of these worked. Thanks alot for attempting to help me, but I am having troubles communicating to you about the window thing. "Keyboard King Settings" Does not EXIST when you run the process. You dont need it to exist in order to cheat. The script is not detecting any window called ""Keyboard King Settings" because the .exe creates it when you click on settings.

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

So, you want to get the Process ID of a program that could be named anything that doesn't have a Window and can be in any directory or Folder?

Good Luck man, I'd like to see how this turns out.

Edited by ronsrules

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

It's quite likely that this program will create some other hidden windows when it starts, and you could check for the presence of such a window to determine if this program is running.

A quick look through the help file suggests that there's no easy way to find a list of windows matching a process (for the information to initially place into your script), but you could use Winspector to achieve this. For instance, using Winspector I found that I can determine if IrfanView is running by checking for a hidden window with a class of 'IrfanViewThumbnails'. My firewall, anti-virus and web proxy all have such a window also, each of which are uniquely identifiable via either caption or class name.

Once you find this information, your problem will be solved. Also keep in mind that while a 'Keyboard King Settings' window may not necessarily always be visible, it may still linger in memory from program startup which might mean that you can still use that to get the job done.

Share this post


Link to post
Share on other sites

Thanks. I found out that this program had a hidden window called "Keyboard King".

This is alot less work than finding out all the details of a process. I also renamed the program and the hidden window value did not change.

Share this post


Link to post
Share on other sites

Ugh!... First there's a Window, then there's not, now there is... I'm sad...

Glad you found it ;)


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0