Javascript to get running processes?

Question

I'm wondering if it's possible to use Javascript in a web browser (most likely IE) to retrieve a list of currently running processes?

I'm not trying to start any processes or close them or anything like that. Just a list that I can check through then say for example do something else if a certain process is running.

You mean processes running on the computer? If so, the answer's no. JS doesn't have access to anything outside the browser. Perhaps you can do something freaky with an ActiveX plugin, but I wouldn't know about that — Flambino, Nov 12 '11 at 00:07
see also http://stackoverflow.com/questions/6833419/getting-javascript-to-run-a-process-if-its-not-already-running — Julien Kronegg, Apr 09 '14 at 20:04

score 7 · Accepted Answer · edited May 23 '17 at 12:18

7

No, you cannot get any information about OS processes from browser-based javascript running at normal privileges.

The browser javascript environment is very carefully protected and isolated from your system for privacy and security reasons. If one could do what you were just asking for then any web page on the internet could see exactly what programs you were running and could send that info back to their own servers.

If you are willing to loosen up your security settings, some versions of IE contain some ability to access OS information (see here for an example), but you should realize that if you do loosen up your security settings, then unknown web pages may be able to access this info or take actions in your OS also. Other browsers don't even contain this capability for regular web pages. With only one browser supporting this and only when security restrictions are relaxed, this is not a general purpose browser capability in any way.

edited May 23 '17 at 12:18

Community

1
1

answered Nov 12 '11 at 00:48

jfriend00

683,504
96
985
979

1

Has something changed? [Discord - Games Detection](https://support.discordapp.com/hc/en-us/articles/217960107-Games-Detection-101) – Kcvin Nov 30 '17 at 19:44
@Kcvin - What does that link have to do with this question? – jfriend00 Nov 30 '17 at 22:23
Discord via web browser can detect what game you're playing based on what .exe is running. I would assume it JS? I'm not certain if any special privileges are given. – Kcvin Dec 05 '17 at 21:45
@Kcvin - What is Discord? Link please. – jfriend00 Dec 05 '17 at 23:57
It's a browser-based chat app that can tell you what games your friends are playing based on the processes that are running--no download is required, but they do have an option to install desktop version; https://discordapp.com/ – Kcvin Dec 08 '17 at 16:08
@Kcvin - Well there is no way to tell what processes are running on your local computer at regular browser privileges. Imagine what ad companies or spyware companies or malicious folks would do if they could tell everything you were running on your computer just from a plain web page. When I tried the browser only version of discord in Chrome, I did not see any of that type of information available. – jfriend00 Dec 08 '17 at 16:35

score 4 · Answer 2 · answered Apr 19 '13 at 03:42

Here is JSP page-

<html>
<head>
<title>Find running processes</title>
<script type="text/jscript">
function getProcessList()
{
  var procs = GetObject("WinMgmts:").InstancesOf("Win32_Process");
  var mainRes = "";
  procEnum = new Enumerator(procs);
  for ( ; !procEnum.atEnd(); procEnum.moveNext())
  {
    var proc = procEnum.item();   
    mainRes += proc.Name + ": " + proc.ProcessID + "\n";
  } 
  return mainRes;
}

function getSysRunningApps()
{
  var oOutput = document.getElementById("processDisplay");
  oOutput.value = "";
  oOutput.value = getProcessList();
}

</script>
</head>

<body bgcolor="#FFFFFF">
<input type="button" value="Show Processes" onclick="getSysRunningApps();"><br>
<p id="processDisplay" cols="30" rows="40"></p>
</body>
</html>

[The `GetObject` VB function not supported since MSIE 9](http://msdn.microsoft.com/en-us/library/ie/7tf9xwsc%28v=vs.94%29.aspx) in standard mode. You will need to use Quirks mode... — Julien Kronegg, Apr 09 '14 at 20:15

score 2 · Answer 3 · edited May 23 '17 at 10:29

2

Yes, you can! The following approach targets only MSIE and may raise security warnings.

When executed under MSIE, the following code lists all Windows processes in the browser window and shows a javascript alert if McAfee is running:

<html>
  <body>
    <div id="list"></div>
  </body>
  <script>
    // create a shell object and exec handle
    var shell = new ActiveXObject('WScript.Shell');
    var handle = shell.Exec("tasklist.exe");

    // loop through the output of tasklist.exe
    while (!handle.StdOut.AtEndOfStream) {
      // grab a line of text
      var p = handle.StdOut.ReadLine();
      document.getElementById("list").innerHTML+=p+"<br>"; // for debugging
      // split on space
      p = p.split(' ');
      if (p[0]=='mcshield.exe') {
        alert("McAfee detected");
      }
    } // end :: while

    // clean up
    handle = null;
    shell=null;
</script>
</html>

Credit: inspired by https://stackoverflow.com/a/6834585/698168

This code was tested under the following browsers:

MSIE 8.0.6001.18702 / Windows XP Pro
MSIE 10.0.9200.16521 / Windows 7 ; Standard document mode
MSIE 11.0.9600.16428 / Windows 7 ; Edge (aka MSIE11) document mode

If you got a JavaScript error Automation server can't create object when creating the ActiveXObject, you may need to set MSIE's Security option Initialize and script ActiveX controls not marked as safe for scripting to either Prompt or Enable.

Under Firefox, you should use something based on XPCOM's nsIProcess. Note that tasklist.exe is not available under all Windows version: AFAIK it's available since Windows XP Pro.

edited May 23 '17 at 10:29

Community

1
1

answered Apr 02 '14 at 13:39

Julien Kronegg

4,968
1
47
60

I couldn't get your code to work here: http://jsfiddle.net/jfriend00/fR4dv/ in IE 11 on Windows 8. – jfriend00 Apr 02 '14 at 19:41
@jfriend00: I'm sorry, I don't have Windows 8, but I tested it under MSIE 11 and Windows 7 and it works. Do you have a `tasklist.exe` in your Windows directory ? (usually, its under `%windir%\system32\tasklist.exe`) – Julien Kronegg Apr 07 '14 at 09:05
Yes, I have tasklist.exe in the \windows\systems32 directory and in my path. It runs from a DOS shell just fine. – jfriend00 Apr 07 '14 at 17:06
@jfriend00: Do you have some JavaScript error? Is your MSIE security settings properly configured ? (e.g. "Initialize and script ActiveX controls not marked as safe for scripting"="Prompt") – Julien Kronegg Apr 09 '14 at 08:17
In the console, it says: "SCRIPT429: Automation server can't create object". I'm not going to spend more time debugging this as I would never let some arbitrary script run programs on my computer anyway, nor would I recommend anyone I know allowing that either. It does not work with the default security settings in IE11 on Windows 8, nor am I interested in adjusting security settings in IE to allow it. Thank goodness I don't normally run IE so I don't have to worry about being tricked by this kind of access. – jfriend00 Apr 09 '14 at 08:21

score 2 · Answer 4 · answered Nov 12 '11 at 00:09

2

Absolutely not, that's well beyond what the Javascript sandbox should be able to do.

answered Nov 12 '11 at 00:09

Ben Brocka

2,006
4
34
53

Javascript to get running processes?

4 Answers4

Linked