Reputation: 4938
Get from a started program path to .lnk file that started it
Is there a way in Windows OS to detect whether you program has been started from .bat or .lnk file and obtain the full path to it?
I know I can get the parent process, but how to detect... for the lack of a better term let's name it 'way'... the way a program has been started?
UPDATE
Some malware modifies .lnk file (adding an ad to its params) pointing to my app. Also it starts my app from .bat. I want to check hash of the .lnk file and just quit if it's been started from .bat.
Regards,
Upvotes: 0
Views: 351
Answers (1)
Reputation: 333
How does the program get started? Is it a SERVICE or does it run on startup? If you killed the program, can you re-start it predictably?
I would use Processs Monitor to triangulate on what launched the app.
Process Monitor logs EVERYTHING the machine is doing. You can filter out all the noise to just .lnk, .bat, and/or your specific program.
- Kill the program
- Start Process Monitor (with filters applied)
- Start the program
- Stop Process Monitor
- Search Process Monitor log by your program name
- Scroll back to see what processes lead up to the program running
Hope it helps.
-Allen
Upvotes: 1
Related Questions
- how to run application which has .lnk extension with .bat script
- Reading the target of a .lnk file in Python?
- Reading the target of a .lnk file in C# .NET Core?
- How to get the (.lnk) shortcut filepath in a program which started by the shortcut?
- Accessing target path from a shortcut file on a 64 bit system using 32 bit application
- Creating a file shortcut (.lnk)
- Getting the source .exe file name from .lnk shortcut in batch script?
- How to Retrieve Name of .lnk (short cut) file
- How can I launch programmatically (C++) an application from a Windows shortcut (.lnk file)?
- .NET read binary contents of .lnk file