Thread: check if a program was used/accessed

  1. #1
    Registered User Annonymous's Avatar
    Join Date
    Apr 2011
    Location
    Jackson, New Jersey, United States
    Posts
    302

    check if a program was used/accessed

    Hey y'all. I want to be able to check if a program was used on my computer without going through my logs. Let's say if I go to the store and leave my laptop on with no password. Just go with it. I'm running a live CD and sometimes an easy solution is not as fun as a project! So as I was saying: if I go to the store, can I write a program in C that does x if a program like firefox is opened? Like shut down or reboot? The execve function comes to mind, if that would even work. So how can I go about doing this?

  2. #2
    Registered User
    Join Date
    Dec 2011
    Posts
    795
    I'm not sure, but you could try either:
    a) monitoring the active processes of the system and then checking if one of the PIDs corresponds to the application you want
    b) polling a logfile and scanning for the string that matches the launch of the application you want

  3. #3
    Registered User Annonymous's Avatar
    Join Date
    Apr 2011
    Location
    Jackson, New Jersey, United States
    Posts
    302
    Sounds like a tedious task! For option a, doesn't the PID of a program change every time you open and close it? Option b sounds like it would be too heavy on my system!

  4. #4
    Registered User
    Join Date
    Dec 2011
    Posts
    795
    Yes, and that's why the sysctl() command will tell you the name of the process as long as the ID. Use the call, sort through the data it returns, and then find if one of them is the application you want.

    And yeah, option 2 is easier but takes more system resources.

  5. #5
    Registered User Annonymous's Avatar
    Join Date
    Apr 2011
    Location
    Jackson, New Jersey, United States
    Posts
    302
    Ok I'm going to have a crack at it. Thanks memcpy.

  6. #6
    Registered User
    Join Date
    Dec 2011
    Posts
    795
    If you're having trouble with the PID thing, this might help you get started:

    Code:
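    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/param.h>
    #include <sys/user.h>
    #include <sys/sysctl.h>
    
    int main(void)
    {
    	struct kinfo_proc *procs = NULL;
    	size_t i, size = 0;
    
    	/* MIB for "all processes"; only the first three entries are passed */
    	int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL, 0};
    
    	/* First call with a NULL buffer only reports the size needed */
    	if (sysctl(mib, 3, NULL, &size, NULL, 0) == -1) {
    		perror("sysctl");
    		return 1;
    	}
    
    	procs = malloc(size);
    	if (procs == NULL)
    		return 1;
    
    	/* Second call fills the buffer and sets size to the bytes written */
    	if (sysctl(mib, 3, procs, &size, NULL, 0) == -1) {
    		perror("sysctl");
    		free(procs);
    		return 1;
    	}
    
    	/* One kinfo_proc per process: print PID and command name */
    	for (i = 0; i < size / sizeof(struct kinfo_proc); i++)
    		printf("%d  %s\n", procs[i].kp_proc.p_pid, procs[i].kp_proc.p_comm);
    
    	free(procs);
    	return 0;
    }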

  7. #7
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    All dynamically linked programs are launched via the dynamic linker ld-linux.so, so if you modify ld-linux.so with your own watchdog code and install it as the system dynamic linker, all programs will be intercepted at that point.

    Statically linked programs would be immune, but most programs aren't statically linked.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  8. #8
    Registered User Annonymous's Avatar
    Join Date
    Apr 2011
    Location
    Jackson, New Jersey, United States
    Posts
    302
    brewbuck, I am going to google everything. I'm starting from the ground up because this is all new to me. I have never heard of the dynamic linker ld-linux.so. I hope to learn a great deal from this!

  9. #9
    Registered User Annonymous's Avatar
    Join Date
    Apr 2011
    Location
    Jackson, New Jersey, United States
    Posts
    302
    So how would I modify the ld-linux.so file?

  10. #10
    Registered User Annonymous's Avatar
    Join Date
    Apr 2011
    Location
    Jackson, New Jersey, United States
    Posts
    302
    BTW Memcpy, that code snippet you posted is BSD specific.

    Question for whoever can answer. I am trying to find a way to implement the sysctl call for Linux, specifically Ubuntu. What are the management information base arguments? KERN_PROC, KERN_PROC_ALL, are used for FreeBSD. Any info on the subject will be helpful, thanks.
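
On the Linux question in post #10: Linux does not expose the process list through sysctl; the usual route is to read /proc, where each running process has a numeric directory containing a `comm` file with its command name. The following is an added example, not code from any poster in this thread; the function name `find_pids_by_comm` and its `proc_root` parameter are illustrative choices. Note that the kernel truncates `comm` to 15 characters, so longer program names must be matched on their truncated form.

```c
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Scan proc_root (normally "/proc") for processes whose command name is
 * exactly `name`. Stores up to `max` PIDs in `out` and returns how many
 * were stored, or -1 if proc_root cannot be opened. */
int find_pids_by_comm(const char *proc_root, const char *name,
                      pid_t *out, size_t max)
{
    DIR *dir = opendir(proc_root);
    if (dir == NULL)
        return -1;
    int found = 0;
    struct dirent *ent;
    while ((ent = readdir(dir)) != NULL) {
        /* Process directories are purely numeric; skip "self", "sys", ... */
        const char *p = ent->d_name;
        while (isdigit((unsigned char)*p))
            p++;
        if (p == ent->d_name || *p != '\0')
            continue;
        char path[4096], comm[64];
        snprintf(path, sizeof path, "%s/%s/comm", proc_root, ent->d_name);
        FILE *f = fopen(path, "r");
        if (f == NULL)
            continue;           /* process exited between readdir and fopen */
        if (fgets(comm, sizeof comm, f) != NULL) {
            comm[strcspn(comm, "\n")] = '\0';   /* comm ends with a newline */
            if (strcmp(comm, name) == 0 && (size_t)found < max)
                out[found++] = (pid_t)atol(ent->d_name);
        }
        fclose(f);
    }
    closedir(dir);
    return found;
}

int main(void)
{
    pid_t pids[32];
    int n = find_pids_by_comm("/proc", "firefox", pids, 32);
    for (int i = 0; i < n; i++)
        printf("firefox is running, pid %ld\n", (long)pids[i]);
    return n < 0;
}
```

Calling this in a loop is the polling approach from option a; it only sees processes that are alive at the moment of the scan, so a program that starts and exits between two scans is missed.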
