Thread: Compare running programs' MD5 and terminate

  1. #1
    Registered User
    Join Date
    Feb 2008
    Posts
    26

    Compare running programs' MD5 and terminate

    Thank you in advance.

    I'm new with C... so please be patient with me

    I'd like to have help to create a C program to:

    - check MD5 Digest of every running program
    - compare this MD5 with one I've to input
    - terminate the program with the MD5 specified

    Is it all possible?

    Thanks

    - Fer -

  2. #2
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,195
    Not under Windows, but perhaps under Linux, if you modify the kernel to generate an MD5 signature for each application when it starts up, and then allow you to call some terminate API that uses the MD5 as the process identifier.

    Windows does not let 'normal' applications access the process memory of other processes, as it would be a security violation.

  3. #3
    Registered User
    Join Date
    Feb 2008
    Posts
    26

    But...

    But I found some C script to calculate MD5 and print it out.
    Maybe it is possible to save it in a string and then compare with the one I've input...

    I've also found a C program to generate the list of running programs... so if you save an array with every running program, and one by one you calculate the MD5, save in a string, compare and if equal terminate it (I've also found a C program to terminate programs).

    But I don't know how to realize it or assemble the several programs over the Internet...

  4. #4
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    So what are you trying to achieve? If you are just after checking that the .exe hasn't changed, then fine, you can do that by MD5'ing the executable file.

    But what is in memory when you execute an application isn't going to be ALL of what is in the .exe file, nor are the parts of the .exe that are actually loaded going to be exactly what is in the file, because part of loading of the executable is something called "fixup", where code and data references to DLLs are "fixed up" - so it will work for applications that do not use ANY DLLs, but those are so few and rare that it won't make much sense to do that. Note also that depending on which order you load the DLLs in the system (e.g. if you start firefox first, then your e-mail software one time, and another time e-mail first, then firefox) it may change the fixup values, so you can't even rely on the fixup being the same all the time.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.
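
As an added example (not code from any poster in this thread): post #4's suggestion of MD5'ing the executable file instead of process memory can be done on Linux by hashing `/proc/<pid>/exe`, which always refers to the file the process was started from. Assumptions: Linux with `/proc` mounted; the function names `md5_file_hex` and `pid_exe_has_md5` are hypothetical; MD5 is written out inline following RFC 1321 so nothing extra needs linking.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
static const uint32_t K[64] = {  /* RFC 1321 round constants */
    0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
    0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
    0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
    0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
    0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
    0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
    0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
    0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
};
static const uint8_t S[16] = {7,12,17,22, 5,9,14,20, 4,11,16,23, 6,10,15,21};  /* rotations */

/* Mix one 64-byte block p into the running state h. */
static void md5_block(uint32_t h[4], const uint8_t *p) {
    uint32_t a = h[0], b = h[1], c = h[2], d = h[3], f;
    for (int i = 0, g, s; i < 64; i++) {
        if (i < 16)      { f = (b & c) | (~b & d); g = i; }
        else if (i < 32) { f = (d & b) | (~d & c); g = (5 * i + 1) % 16; }
        else if (i < 48) { f = b ^ c ^ d;          g = (3 * i + 5) % 16; }
        else             { f = c ^ (b | ~d);       g = (7 * i) % 16; }
        f += a + K[i] + (p[4*g] | p[4*g+1] << 8 | p[4*g+2] << 16 | (uint32_t)p[4*g+3] << 24);
        s = S[i / 16 * 4 + i % 4]; a = d; d = c; c = b; b += (f << s) | (f >> (32 - s));
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d;
}
/* Hex MD5 of a file's on-disk bytes; returns 0 on success, -1 if unreadable. */
int md5_file_hex(const char *path, char out[33]) {
    uint32_t h[4] = {0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476};
    uint8_t buf[128]; uint64_t total = 0; size_t n, padded;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    while ((n = fread(buf, 1, 64, f)) == 64) { md5_block(h, buf); total += 64; }
    total += n; fclose(f);
    padded = n < 56 ? 64 : 128;               /* room for 0x80 plus the 64-bit length */
    memset(buf + n, 0, padded - n); buf[n] = 0x80;
    for (int i = 0; i < 8; i++) buf[padded - 8 + i] = (uint8_t)((total * 8) >> (8 * i));
    for (size_t o = 0; o < padded; o += 64) md5_block(h, buf + o);
    for (int i = 0; i < 16; i++) sprintf(out + 2 * i, "%02x", (unsigned)(h[i / 4] >> (8 * (i % 4)) & 0xff));
    return 0;
}
/* pid: a directory name under /proc ("1234", "self"). 1 = match, 0 = mismatch, -1 = unreadable. */
int pid_exe_has_md5(const char *pid, const char *want_hex) {
    char link[64], hex[33];
    snprintf(link, sizeof link, "/proc/%s/exe", pid);
    return md5_file_hex(link, hex) ? -1 : strcasecmp(hex, want_hex) == 0;
}
```

Calling `pid_exe_has_md5` for each numeric directory name under `/proc` yields the processes whose executable matches; reading another user's `exe` link needs sufficient privileges, which is why -1 is reported separately from a mismatch.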
