• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

Identity of programs in the background (winxp)

I noticed i can rename almost any programs' name & run it. When i view the processes in TaskManager  i can see the program name on the list of processes running.

I can rename notepad.exe to svchost.exe. if i am writing anti-hacking software in vb or delphi - how can i know which program is which -- is there any unique handle i can use?
0
eriklee
Asked:
eriklee
1 Solution
 
YourReferenceCommented:
One way is to record the PID of the process running in a File or Registry.  If you rename norepad.exe to svchost.exe, when you launch it, record the PID of svchost.exe.

When you see PID 1111 (or whatever it ends up to be) you know it's your program
0
 
erikleeAuthor Commented:
the PID changes everytime you start the machine or the program.

notepad.exe can be 112 this time but can be 345 the next. there is not fixed unique PID associated with notepad.exe.
0
 
ThievingSixCommented:
Every time you rename it, re-record the PID.
0
 
nffvrxqgrcfqvvcCommented:
This is done by the code in the application itself for example and application that would want to stop multiple instances of an application would create a mutex object with a unique mutex name then check if the unique mutex name is already active and act accordingly. Applications like notepad don't have these features.
0
 
erikleeAuthor Commented:
http://www.osix.net/modules/article/?id=6


found something abt mutex..
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now