开发者

How to check if a program is using .NET?

开发者 https://www.devze.com 2022-12-16 11:19 出处:网络
开发者_运维知识库Can we check if a running application or a program uses .Net framework to execute itself?There\'s a trick I once learned from Scott Hanselman\'s list of interview questions. You can e
开发者_运维知识库

Can we check if a running application or a program uses .Net framework to execute itself?


There's a trick I once learned from Scott Hanselman's list of interview questions. You can easily list all programs running .NET in command prompt by using:

tasklist /m "mscor*"

It will list all processes that have mscor* amongst their loaded modules.

We can apply the same method in code:

public static bool IsDotNetProcess(this Process process)
{
  var modules = process.Modules.Cast<ProcessModule>().Where(
      m => m.ModuleName.StartsWith("mscor", StringComparison.InvariantCultureIgnoreCase));

  return modules.Any();
}


Use the CLR COM interfaces ICorPublish and ICorPublishProcess. The easiest way to do this from C# is to borrow some code from SharpDevelop's debugger, and do the following:

ICorPublish publish = new ICorPublish();
ICorPublishProcess process;

process = publish.GetProcess(PidToCheck);

if (process == null || !process.IsManaged)
{
    // Not managed.
}
else
{
    // Managed.
}


Use System.Reflection.Assembly.LoadFrom function to load the .exe file. This function will throw exception if you try to load binary file that is not .NET assembly.


I know this is about a million years too late, but in case it helps - my favourite method to figure out if an exe is using .net is to run MSIL disassembler against it which comes with .net SDK. If a .net exe you indeed have, you'll get a nice graphical breakdown of its contents; if a plain old win32 exe it be, you'll get a message telling you so.


Programmatically you'd get the starting image name using Win32 API like NtQueryInformationProcess, or in .Net use System.Diagnostics.Process.GetProcesses() and read Process.StartInfo.FileName.

Then open and decode the PE headers of that image using details prescribed in the MSDN article below:

http://msdn.microsoft.com/en-us/magazine/cc301808.aspx

Caveats: will only detect .NET built assemblies e.g. won't detect Win32 EXEs dynamically hosting CLR using CorHost APIs.


I suggest downloading the Redgate's DotNetReflector and checking if it can open the application.


A list of running .NET processes is available in Performance Monitor. Just run perfmon and in the Monitoring Tools >> Performance Monitor click + Icon or press Ctrl+N. In the list of available counters, at the beginning of the list find .NET CLR Jit and select a sub item. You will see a list of .NET process in Instances of selected object list.

If you want a method in C# without running your app in Administrator mode, there is solution introduced by Process Hacker tool.

According to Process Hacker / .NET Tools / native.c :

Most .NET processes have a handle open to a section named \BaseNamedObjects\Cor_Private_IPCBlock(v4)<ProcessId>. This is the same object used by the ICorPublish::GetProcess function. Instead of calling that function, we simply check for the existence of that section object. This means: * Better performance. * No need for admin rights to get .NET status of processes owned by other users.

Getting a list of Process handles in C# is a bit of hard work. Instead you can download the DotNetTools.dll from Process Hacker plugins folder and create an extern method to use PhGetProcessIsDotNet function.

0

精彩评论

暂无评论...
验证码 换一张
取 消