[RESOLVED] Quick Question on VB project dealing with computer processes

Hi all and good day I hope you all are well, I'm thinking about writign a program that allows VB to scan the currently running computer processes and then by using a list from a text file. See if any match the list and report it. Basically it would be a program to check for spyware or virus processes. But my questions are:
1) Is it feasible to do that with VB?
2) What in the world code would report the runnign processes to VB? I mean it could look at the current running ones and write them in a text file and then compare it will the "database" to see if there is any matches, but I'm no great programmer lol.

Any help would be appreciated or if you have questions feel free to post them

1) yes
2) heres the code to get the list of current processes

http://vbforums.com/showthread.php?t...processes+list

If you have a lot of items to check against then a database would be the best option like you said, to make things simpler to start you could just use a flat text file as the "database" maybe something like this as the format:

Code:

---

Trojan123,coolgame.exe
hotKeysHook,something.exe
othervirus,notetaker.exe

---

Do you see what I mean? having the name of the virus then the process name seperated by a comma.

That would be nice and simple to start off with. You'll have to look at some database tutorials, theres some here but Google has the answer, thats if you want to go straight into using a database such as MS Access.

do you have a textfile format that you will need to use, ie someone can provide an updated file of the latest virus's etc?

or are you thinking of creating your own simple format?

In addition to what 182 guy said...

If you want it to work properly, I would also store the CRC32 checksums of the known viruses/trojans in the database/text file. This way, you can compare the process EXE's CRC to the trojan's, and then you know if it is the same.

If you don't know what CRC32 is, then look it up.

Otherwise, there could be a trojan named "explorer" but it will detect Windows Explorer as a virus.

I suppose the hardest part of making a program like this is not the coding but actually getting access to a good virus/spyware database that is regularly updated.

Quote:

---

Originally Posted by the182guy

I suppose the hardest part of making a program like this is not the coding but actually getting access to a good virus/spyware database that is regularly updated.

---

Yup.

Thanks for all your help guys :)

Oh wait I have one more simple question, after the processes are in the list1 how would i match it between a text box. Meaning if say notepad.exe was a bad process how would i get the text1.text to display it information and say it was bad

would it be somthing like this

VB Code:

If List1.Text = "notepad.exe" Then
Text1.Text = "OK"
End If

because that isn't working :( what else could i use ? Thanks guys

The way your doing it you can code it like this:

VB Code:

Private Sub Command1_Click()
 
Dim Process As String
Dim Found As Boolean
 
Found = False
 
For i = 2 To List1.ListCount - 1
    Process = List1.List(i)
    If Process = "notepad.exe" Then
        Text1.Text = "Found: " & Process
        Found = True
        Exit For
    End If
Next i
 
If Found = False Then Text1.Text = "None found"
 
End Sub

But thats only when you hard code the process name into the program, you want to be able to get the bad processes out of a textfile or something, otherwise you would end up with hundreds of If statements

you might also be interested in this vbAccelerator article: Using PSAPI to get a complete task list and memory usage

Quote:

---

Originally Posted by the182guy

The way your doing it you can code it like this:

VB Code:

Private Sub Command1_Click()
 
Dim Process As String
Dim Found As Boolean
 
Found = False
 
For i = 2 To List1.ListCount - 1
    Process = List1.List(i)
    If Process = "notepad.exe" Then
        Text1.Text = "Found: " & Process
        Found = True
        Exit For
    End If
Next i
 
If Found = False Then Text1.Text = "None found"
 
End Sub

But thats only when you hard code the process name into the program, you want to be able to get the bad processes out of a textfile or something, otherwise you would end up with hundreds of If statements

---

Ok Thanks I see what you mean, So then it mgiht be easier to have the processes in a text file. So that would have to be opened when the button is clicked. So then it would need to go through all the processes that were found in the listbox and then if there is a match between any process there and than in the textfile, it would be displayed in the textbox. The problem is how do i get it to go throw the list of both the listbox and the text file?

How about this.

It checks what processes are running and puts them in the first listbox. It then reads the textfile and parses the virus name and filename. Finally it checks the list of running processes against the bad names from the textfile. If there is a match it adds it to the second listbox.

See the attachment! :D

its worth noting that this might find false positives, like DigiRev said, unless you check the CRC or MD5 hash, you can't be sure that it is actually THE virus thats running, it may just have the same exe name.

I understand, I really am grateful for all your guys help. Now I have to make the "database" Thanks alot guys i mean WOW

Quote:

---

Originally Posted by the182guy

How about this.

It checks what processes are running and puts them in the first listbox. It then reads the textfile and parses the virus name and filename. Finally it checks the list of running processes against the bad names from the textfile. If there is a match it adds it to the second listbox.

See the attachment! :D

---

I am curious, would it be possible to modify the code so there would be 3 list boxes, where there are 1 for the current processes, another for the ones that are bad process, and a 3rd for information on the processes that show up in the 2nd list box?

Ok heres the updates version with 3 listboxes, the 3rd for the bad proccesses from the file. Sorry its not commented every line, I will if you want

thanks a lot, for the 3rd list box can it be done so that it displays on any bad processes show up on the 2nd one IE: if its Winblaster32 or what, then in the information or 3rd box is displays its Name, File name and description?

can list boxes be multilined?

I see what you mean, you cant have a multiline listbox. even if you could it would look horrible.

I would turn that listbox that your talking about into a ListView like this:

Yes that is PERFECT, god I wish I knew as much about VB as you.
And from what I learned I can only have a few thousand if then statements and that simply would not work.

Yeah it looks cool doesnt it? I will update the project so it uses that listview for the column that displays what has been found. I will have to add a 3rd column into the textfile also, because theres no description at the mo, only name and filename.

I'm back, here is version 3, it uses the listview like above :)

Okay here is the 4th version and final version, it displays all the info about the process in a listview instead of just the filename.

This "Quick Question" turned out to be 22posts+ with a 180 line example LoL:D

edit: the example has become more complicated so i've commented all of it

edit2: I forgot to move the "Bad Process from File" label, so just move it over the listbox

That is totally awesome, thank you so much. Now comes the tedious task of adding thousands of bad processes definitions to it lol.

If I get an error saying subscript out of range, does that mean the rows are not wide enough to fit all the text in?

In the textfile if there is some new lines at the end of the data it will cause that error. Be sure theres no new lines after the last entry.

ok thanks