Reputation: 1
I have a problem that I do not know how to solve in C#. I have a running process, but after it starts I remove the executable file or exchange / modify it.
How is it possible to get the running process's file content and generate an MD5 hash from it?
I can get the process list, but I can't get the content of it.
Can you give me some tips or maybe some code?
I tried to find the answer on Google etc., but unfortunately I didn't find a solution for it.
Thank you very much.
Upvotes: 0
Views: 2847
Reputation: 332
Did you try dumping the process with Windows (or Visual Studio tools) and checking what bytes exist inside? I would start with that option.
For my needs, https://github.com/glmcdona/Process-Dump creates a very similar executable, not the same one, but most of the bytes inside the main body are correct.
Upvotes: 0
Reputation: 19
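Run PowerShell in the background and fetch the output from this script:

    foreach ($proc in Get-Process) {
        try {
            # Hash the on-disk file the process was started from
            Get-FileHash $proc.Path -Algorithm MD5 -ErrorAction Stop
        } catch {
            # No path, access denied or file missing: log the process name
            $proc.Name | Out-File c:\error.log -Append
        }
    }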
Upvotes: 0
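The same on-disk check as the PowerShell answer above, written in C# as the question asks; this is an added example, not code from the original thread. It hashes the file each process was started from and flags images that are missing or were written after the process started, and it does not read process memory; `ImageCheck`, `Md5OfFile` and `Describe` are names chosen for this example.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;

// Added example: hash the on-disk image of every running process and flag
// images that are gone or were modified after the process started.
static class ImageCheck
{
    // MD5 as asked in the thread; SHA256.Create() can be swapped in unchanged.
    static string Md5OfFile(string path)
    {
        using (var md5 = MD5.Create())
        using (var stream = new FileStream(path, FileMode.Open, FileAccess.Read,
                                           FileShare.ReadWrite | FileShare.Delete))
            return BitConverter.ToString(md5.ComputeHash(stream)).Replace("-", "");
    }

    // Builds one tab-separated report line for a process.
    static string Describe(Process proc)
    {
        try
        {
            string path = proc.MainModule?.FileName;   // throws if access is denied
            if (string.IsNullOrEmpty(path))
                return $"{proc.Id}\t{proc.ProcessName}\tNO IMAGE PATH";
            if (!File.Exists(path))
                return $"{proc.Id}\t{proc.ProcessName}\tIMAGE MISSING\t{path}";

            // A write time later than the start time suggests the file on disk
            // is no longer the one that was loaded.
            bool changed = File.GetLastWriteTimeUtc(path) > proc.StartTime.ToUniversalTime();
            string note = changed ? "MODIFIED AFTER START" : "ok";
            return $"{proc.Id}\t{proc.ProcessName}\t{Md5OfFile(path)}\t{note}\t{path}";
        }
        catch (Exception ex) when (ex is Win32Exception || ex is InvalidOperationException
                                   || ex is IOException || ex is UnauthorizedAccessException)
        {
            // Protected or already exited processes, or files that cannot be opened.
            return $"{proc.Id}\t{proc.ProcessName}\tUNREADABLE\t{ex.GetType().Name}";
        }
    }

    static void Main()
    {
        foreach (Process proc in Process.GetProcesses())
            using (proc)
                Console.WriteLine(Describe(proc));
    }
}
```

Lines marked `IMAGE MISSING` or `MODIFIED AFTER START` are the cases the question describes, where the hash of the file on disk no longer describes the code that is running.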
Reputation: 1238
Unfortunately, I suppose there is no solution for your problem. Because of address space layout randomization and other security and non-security features of RAM, you'll never get reliable results.
Upvotes: 0