
So I have a piece of software I'm hooking into. My problem is that the software has a launcher-like home window. From that home I click "Start" and it opens a second process with the same name. In my task manager they are identical in processes/details.

My program has to hook into this second process and I can only hook after the process exists. There's no way to launch it directly without the home window.

They both have randomized PIDs each time. I can't figure out a way to differentiate the two processes. If my program hooks the wrong one it will freeze up the software.

```csharp
// This is specifically just the window name so that we can interact with the client using keystrokes.
p = Process.GetProcessesByName("programName");
System.Diagnostics.Debug.WriteLine("Attempting to hook into the program...");
process = Process.GetProcessesByName("programName").ToList().FirstOrDefault();
if (process == null) {
    System.Diagnostics.Debug.Write("Hook failed! Make sure the program is open.");
    Application.Exit();
}
if (process != null) {
    mreader.ReadProcess = process; // Set the process we want to read to be the one we just got in the above line.
    mreader.OpenProcess(); // Gets the handle of the process and hook in.
    for (int i = 0; i < process.Modules.Count; i++) {
        System.Diagnostics.Debug.WriteLine("Module " + i + ": " + process.Modules[i].ModuleName);
        if (process.Modules[i].ModuleName == "programcore.dll") {
            System.Diagnostics.Debug.WriteLine("programcore.dll found at Module " + i);
            iCounter = i; // Set the number programcore is on to our counter so we can hook in each time, even if it moves.
            System.Diagnostics.Debug.WriteLine("Success!");
            break;
        }
    }
}
```

This is how I'm hooking into the client to read/write the memory. Unfortunately both processes have the programcore.dll that I need so I don't know how to tell them apart.

  • Process IDs are essentially random. Only you have the software and can try to figure out which process is which - they could be running the same program twice with e.g. command line arguments, so you have to see what you can discern to differentiate. Process Explorer may help you. – NetMage Jan 20 '21 at 20:11
  • @NetMage Yeah, I mentioned the randomized PID in an attempt to ward off anyone telling me to "try comparing PIDs". Is Process Explorer any different from Spy++? I compared both processes in Spy++ and they are identical, with only a couple tiny differences that don't seem static. – Parallel Pancakes Jan 20 '21 at 20:15
  • Process Explorer is like Task Manager Details on steroids. In Task Manager, is the command line the same for the two processes? – NetMage Jan 20 '21 at 20:31
  • Oh, they're not. Different command lines. So now I just have to figure out how to check the command line in C# and compare the two different processes and pick what I need, correct? – Parallel Pancakes Jan 20 '21 at 20:45
  • Unfortunately, that appears pretty difficult, but [this article](https://vbscrub.com/2020/05/05/using-net-to-get-process-command-lines/) appears to have everything you need (sadly, in VB.Net). You can also use WMI, but that is often slow and sometimes problematic. [Here](https://stackoverflow.com/a/37408846/2557128) is a 32-bit sample in C# as well, and [here](https://stackoverflow.com/a/16142791/2557128) is one that supposedly works with both. – NetMage Jan 20 '21 at 20:51
  • If the 2nd process is always started by the launcher can you not check the process start time? The one you want will always have the later value? – the.Doc Jan 20 '21 at 22:08
  • Using that last link you provided @NetMage I was able to solve my problem by getting the command line and making sure it was the right one before hooking. Thanks! – Parallel Pancakes Jan 20 '21 at 22:10
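
The command-line check the comments converge on, sketched with the WMI route NetMage mentions. This is an added example, not code from the question or the linked answers. The marker `--client` is a constructed placeholder for whatever argument distinguishes the second process, and `ProcessPicker` and its methods are hypothetical names.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Management; // add a reference to System.Management (NuGet package on .NET Core/5+)

static class ProcessPicker
{
    // Returns the command line WMI reports for a PID, or null when the process
    // has already exited or the caller is not permitted to read it.
    static string GetCommandLine(int pid)
    {
        using (var searcher = new ManagementObjectSearcher(
            "SELECT CommandLine FROM Win32_Process WHERE ProcessId = " + pid))
        using (var results = searcher.Get())
        {
            foreach (ManagementBaseObject mo in results)
                using (mo)
                    return mo["CommandLine"] as string;
        }
        return null;
    }

    // Picks the one process named processName whose command line contains marker.
    // Returns null when zero or several candidates match, so the caller never
    // attaches to a guess (attaching to the launcher is what froze the software).
    public static Process FindByCommandLine(string processName, string marker)
    {
        var matches = Process.GetProcessesByName(processName)
            .Where(p =>
            {
                string cmd = GetCommandLine(p.Id);
                return cmd != null &&
                       cmd.IndexOf(marker, StringComparison.OrdinalIgnoreCase) >= 0;
            })
            .ToList();
        return matches.Count == 1 ? matches[0] : null;
    }

    static void Main()
    {
        // "programName" is the question's placeholder; "--client" is a constructed marker.
        Process target = FindByCommandLine("programName", "--client");
        Console.WriteLine(target == null
            ? "No unambiguous match; not attaching."
            : "Selected PID " + target.Id);
    }
}
```

WMI returns a null `CommandLine` for processes the caller cannot query, which is why a null result is treated as "not a match" rather than as an error.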

0 Answers