Reputation: 13
Does Process.Start() hook into the executable in any way?
Does System.Diagnostics.Process.Start() hook into the process it starts?
I would like to find a way to run a process from a C# app without the process knowing that it started as a result of the C# app. Is this the default behavior of Process.Start(), or do I need to do anything different / extra?
In other words, does the process being started have any way of telling that it was run from a C# app, or is it just like any other file being opened?
Upvotes: 0
Views: 946
Answers (1)
Reputation:
I would like to find a way to run a process from a C# app without the process knowing that it started as a result of the C# app
In other words, does the process being started have any way of telling that it was run from a C# app, or is it just like any other file being opened?
C# apps are run as a Window's process and due to that fact, the spawned process may use the Win32 function Process32First() to query information about the parent, specifically the parent process ID. Now it is entirely possible that by the time the child process obtains this information the parent may have terminated and Windows re-used the process ID for an entirely different process. Regardless, the child process could test the "parent" process to learn whether it is .NET or not.
Proxy
If you want to prevent the child process learning anything about your process (in this case whether it is .NET) then you could spawn it via a proxy.
In the diagram below, A is your process; Z is your spawned process. ---> is a spawning operation.
Change:
A ---> Z
...to:
A ---> P ---> Z
...where P is an intermediate proxy process that runs Z on your behalf. P exits immediately after creating the process. It will be highly improbable that Z could back-track back to A.
Make the Proxy Native Code
I would like to find a way to run a process from a C# app without the process knowing that it started as a result of the C# app
To further hide the fact that the immediate parent is not .NET, consider making the proxy in native code.
Make the Proxy an Out-of-process COM Server
Unlike the prior intermediate proxy example in c# or native code, there still exists the possibility that a process lineage may be learned back to your .NET app.
However if your A process instantiates a COM object hosted in a OoP COM Server P, then the spawned process will not be able to trace it back to you because I'm pretty sure COM-activation is different to spawning a new process and so may not be subject to inheritance. Particularly if the COM Server is long-running and was running prior to A.
---> **P**...
|
|
V
**Z**...
------> **A**...
Tell me more
- Process32First
- Start new process, without being a child of the spawning process
- How can a Win32 process get the pid of its parent?
Upvotes: 3
Related Questions
- C# Process.Start - independent process
- What actually happens when Process.Start(string,string) is entered?
- Does System.Diagnostic.Process.Start() runs a .exe file correctly
- c# How does Process.Start() method automatically know where files are located?
- Process.start() odd behavior
- How is Process.Start different from Start > Run?
- Starting exe with Process.Start(), weird stuff going on
- Does Process.Start terminate the child program when the parent terminates?
- Process.Start() and the Process Tree
- Does process start use another thread?