I would like to make a small program listing running programs on my
computer - this seems simple. But I would also like to detect their
connections, ex.: I detect a running Internet Explorer (or other
browser), but I would like to know which websites it is visiting.
Another example; I detect Word is running, and would like to know what
document(s) it is working with. Is it possible to query the http-
protocol to discover online connections? And how about programs that
open local resources? So, listing running programs and their
connections is what I want to do - and do I have to poll for it every minute or is
there better ways of watching these processes?
It must be able to run on MS Windows, but the programminglanguage is not important
Thanx
Ask
You might want to consider some of the pre-existing tools capable of doing this. Both Windows NT and most Unixes come with the "netstat" command.
Windows NT: netstat -b
Unix: netstat -p
I like using Process Monitor. Find it here: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Related
I am writing a Go app targeted at macOS and Windows and that needs to monitor what processes write to a file at a given path. More specifically, I need to verify that only one specific process writes to the file for the duration that my program is running. On macOS, I can monitor the file via the built-in fs_usage command. Does anyone have an idea for how to achieve equivalent monitoring on at least Windows 10 and later without requiring the user to install any additional software.
Note that I don't expect for there to exist a pure Go solution and I don't mind interoperating to achieve the desired result.
Years ago, there were functions in Win32 whereby the app could check to see if a user was running the app via Terminal Services/Remote Desktop. I thnk it was something like:
GetSystemMetrics(1000H)
Is there a system call one can make to check to see if a Win32 or Win64 app is being run remotely via a program like GotoMyPC or LogMeIn?
No, there is not. Those are third party apps doing their own video/input capturing and network streaming. They are plain ordinary apps as far as Windows is concerned. Terminal Services is built into Windows, which is why there are APIs to query TS status.
The only way I can (currently) think of, other than using the aforementioned API call, is also seeing if any particular processes you can identify are running (e.g. GotoMyPC or LogMeIn... they will have some process running). Without doing too much research, they may be running without actually having someone using them. If, however, they launch something to do the streaming, you could check for that.
Just to make sure that this isn't an XY problem, what is it that you're trying to do - and perhaps there is another way?
I'm currently using windows 7 with apache, php, and mysql. I understand on windows, task scheduler is the equivalence of cron jobs on linux/unix systems. I'm wondering what the easiest way to run a php file on my localhost server is through a task scheduler. I want it to open chrome (i know how to do that) but how do I set it to go to a certain page and close once it's finished the script.
A couple things come to mind...
One would be to utilize AutoIt which is a very powerful and public domain automation tool. You could easily start Chrome, navigate, verify on-screen values (e.g. when your script finishes), and then close chrome.
Another alternative would be to play bit more gorilla warfare tactic and terminate the process Chrome is using after some preset amount of time has elapsed (assuming you know how long this takes to run). See Windows' "TaskKill" command line options here: enter link description here
I decided to write a program in RUBY in which the following things should be done:
1 - this program must run a specific program (for example utorrent) at a specific time (for example 1 pm).
2 - this program must turn off my computer at another specific time.
I don't have any idea about the algorithm and manner of writing such program.
One of the easiest ways to do this is to simply send kill signals to the processes, requesting the app shut down normally (Linux), or in Windows use taskkill.
To shutdown a machine in Windows, you can use shutdown /s /f which forcibly closes any programs that are running, and turns the computer off.
No matter which way you do it, you'll basically be running the enter link description heresystem() command in Ruby, which runs command line commands. To make your app portable, you simply look up how to do these tasks in each target OS, and you're done.
Two more alternatives that work the same as your Ruby proposal, but which are not as easily portable:
Write a batch file in Windows that calls taskkill, or a bash script on Linux. Unless the program in question provides a specific way to shut it down via its own command-line parameters, this should work for any/all applications.
You can also use Task Scheduler in Windows, or cron in Linux to do the same thing.
What is your favorite technique for launching a windbg user-mode remote debugging session?
Why is do you prefer this technique over other techniques? (pros/cons)
There are at least four different ways to do user-mode remote debug using windbg, as documented in the "Remote Debugging" section of the debugging tools for windows help file.
run app on target then attach to it from the host windbg
have the host windbg use remote.exe to launch the app on the target
have the "smart client" host windbg launch the app on the target via a process server that is running on the target
run a windbg instance on the target machine using the option "-server" to automatically start a server, then connect to the server from a 2nd machine.
Option 1 is my favourite because it is the simplest. I get to launch the app in the normal way without worry about getting WinDbg to set the right working directory, pass any command line arguments, etc.
Fortunately I've not run into any cases where this hasn't worked!
There is no "the best" solution. Each of the possibilities has advantages and disadvantages and it's good to understand all of them. It depends on several factors like:
where are the symbols located
which PC has access to the Internet to download the OS symbols
what amount of data may you copy to the server (clients often accept better if it's just a single Exe)
what's the bandwidth between client and server
do you need other commands that just CDB/WinDbg, e.g. access to CMD, then consider remote.exe
who's available on the server side, a debugging expert whom you can easily tell a lot of cryptic commands or a normal user who barely knows how to start a command prompt
are both sides in a private network, so you need a "man in the middle" server to be able to access each other (or port forwarding as an alternative, which IT guys don't want and it may take days to get it set up)
From those 4 options, don't forget that clients often want to see exactly what you do, so they require an RDP session, Teamviewer or similar. That's something they understand.
I tend to use option 4 (-server) because it is the only one that doesn't "pop" when you break into the kernel debugger long enough for the TCP connection to timeout. But this is more complex and not fully satisfying. So I'm looking for "best practices".