smudo

Calling script knows who called?


I'm looking for an example or a function/macro which would make my script a bit more secure.

What I'm trying to do is from one script I want to call a second script which would verify the hash of the calling script. If the file changes I want the script to know where it was being called from. I've tried searching the interwebs and have been unsuccessful... maybe I'm not searching with the correct syntax.

Example. Script A (MainScript.exe) calls Script B (CheckHash.exe) and Script B knows it came from Script A. Verify Hashfile of Script A even if the file was renamed.

Does this make sense?




#2 ·  Posted (edited)

An idea is to retrieve the parent process (if it exists), get its full path and then check the hash.

You can use _WinAPI_GetParentProcess to get the parent process (PID) and something like _ProcessGetPathEx to get the full path of the specified PID/ProcessName.

But I think this implies that the parent process must be running...


 

Edited by jguinch


Thank you for replying, jguinch. I'm looking at it right now.


I found in the help file a process called _WinAPI_EnumChildProcess; however, when I run it from the parent script (SCRIPT A) I get the name of the script being called (SCRIPT B), which is itself and not the parent script where it was called from.

I also took a look at _ProcessGetPathEx but the script appeared to be written with known paths. I'm looking to utilize certutil to check the algorithm of the parent script to make sure it wasn't tampered with. Not sure of another "secure" way of doing this.


#5 ·  Posted (edited)

My apologies. I was able to get the process to work by using _ProcessGetPathEx($ipid). Thank you very much for the hints!

Oh, and thank you SmOke_N!

Edited by smudo
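The approach worked out in this thread (parent PID, then the parent's file path, then a hash of that file), as an added example that is not code from any poster. It assumes both scripts are compiled as in the question, uses the standard UDF `_WinAPI_GetProcessFileName` in place of the user-written `_ProcessGetPathEx`, uses `_Crypt_HashFile` instead of shelling out to certutil, needs a Crypt.au3 that defines `$CALG_SHA_256`, and treats `$EXPECTED_SHA256`, `_VerifyCaller` and `_Fail` as hypothetical names.

```autoit
#include <Crypt.au3>
#include <WinAPIProc.au3>

; Placeholder, not from the thread: SHA-256 hex of the known-good
; MainScript.exe, recorded when that file was built.
Global Const $EXPECTED_SHA256 = "<sha-256-of-known-good-mainscript>"

Exit _VerifyCaller()

; Returns 0 when the parent's file matches the expected hash, non-zero otherwise.
Func _VerifyCaller()
    ; PID of the process that started this one (no argument = current process).
    Local $iParentPID = _WinAPI_GetParentProcess()
    If @error Or $iParentPID = 0 Then Return _Fail(1, "no parent PID")

    ; The parent PID is only a number stored at creation time. If the parent has
    ; exited, the lookup fails or the PID may already belong to another process.
    If Not ProcessExists($iParentPID) Then Return _Fail(2, "parent is no longer running")

    ; Full path of the parent's executable image, whatever the file is named.
    Local $sPath = _WinAPI_GetProcessFileName($iParentPID)
    If @error Or $sPath = "" Then Return _Fail(3, "cannot resolve parent path")

    ; Hash the file content; a rename does not change the result.
    _Crypt_Startup()
    Local $dHash = _Crypt_HashFile($sPath, $CALG_SHA_256)
    Local $iErr = @error
    _Crypt_Shutdown()
    If $iErr Then Return _Fail(4, "cannot hash " & $sPath)

    ; Hex() on binary data returns uppercase hex without the 0x prefix.
    If StringLower(Hex($dHash)) <> StringLower($EXPECTED_SHA256) Then
        Return _Fail(5, "hash mismatch for " & $sPath)
    EndIf
    ConsoleWrite("Caller verified: " & $sPath & @CRLF)
    Return 0
EndFunc

; Logs the reason to stderr and passes the exit code through.
Func _Fail($iCode, $sMsg)
    ConsoleWriteError("CheckHash: " & $sMsg & @CRLF)
    Return $iCode
EndFunc
```

A match shows that the file at the parent's path is unmodified on disk; it is a tamper check on that file, not proof of which code is running inside the parent process.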
