Home > Enterprise >  Get process names of installed programs
Get process names of installed programs

Time:08-11

How can one get the corresponding process name of the installed programs in Windows (10)? For now, I'm using this

string uninstallKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"; 
using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(uninstallKey))
      {
          foreach (string skName in rk.GetSubKeyNames())
          {
              using (RegistryKey sk = rk.OpenSubKey(skName))
              {
                  //returns installed programs
              }
          }
      } 

to return the installed software. Despite not every installed program being shown, how can I get the name of the process, like it would be shown in Task Manager, that the program would start if it was started?

I want to make an application blacklist. If an application gets started it compares its process with the blacklist. If the process matches with an entry in the list, the process gets killed.

CodePudding user response:

Use static method GetProcesses of Process class to create component for each running process on the local computer.

You can get their names like this:

var processNames = Process.GetProcesses().Select(x => x.ProcessName).ToList();

More about Process class here: https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process?view=net-6.0

CodePudding user response:

You should consider to use the Windows integrated feature to block applications via the registry. You can create such entries programmatically.

However, you can implement your own, but you must know that you can't prevent applications from starting using your approach. You can only kill it after it was started and after it has allocated resources.

  1. Create your blacklist first: collect all installed application paths and let the user pick the application to blacklist (see CreateInstalledApplicationIndex method).
  2. Use WMI to observe any process starts by registering a corresponding event handler.
  3. In the event handler retrieve the started Process and compare its filename to your blacklisted filenames to identify and handle a forbidden process.
private List<FileInfo> InstallationInfos { get; } = new List<FileInfo>();
private List<FileInfo> BlacklistedExecutables { get; } = new List<FileInfo>();

public void ApplyBlacklist()
{
  CreateInstalledApplicationIndex();
  WatchProcessStarts();
}

private void CreateInstalledApplicationIndex()
{
  string uninstallKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall";
  using RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(uninstallKey);

  foreach (string subKeyName in registryKey.GetSubKeyNames())
  {
    using RegistryKey subKey = registryKey.OpenSubKey(subKeyName);

    var installationPath = subKey.GetValue("InstallLocation") as string;
    if (string.IsNullOrWhiteSpace(installationPath))
    {
      continue;
    }

    IEnumerable<FileInfo> fileInfos = Enumerable.Empty<FileInfo>();
    try
    {
      var installationDirectoryInfo = new DirectoryInfo(installationPath);
      fileInfos = installationDirectoryInfo.EnumerateFiles("*.exe", new EnumerationOptions());
    }
    catch (IOException)
    {
      continue;
    }

    foreach (FileInfo fileInfo in fileInfos)
    {
      this.InstallationInfos.Add(fileInfo);

      // For demo, all executables are blacklisted.
      // TODO::Let user fill Blacklisted collection.
      this.BlacklistedExecutables.Add(fileInfo);
    }
  }
}

private void WatchProcessStarts()
{
  WqlEventQuery query = new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace");
  ManagementEventWatcher watcher = new ManagementEventWatcher(query);
  watcher.EventArrived  = OnProcessStarted;

  // Start listening for process start events
  watcher.Start();
                
  // Stop listening for process start events
  //watcher.Stop();
}

private void OnProcessStarted(object sender, EventArrivedEventArgs e)
{
  uint startedProcessId = (uint)e.NewEvent["ProcessID"];

  // Note: Convert.ToInt32 will throw an OverflowException
  // in case uint does not fit into an int.
  // You must decide whether to handle this particular exception or to let it crash your application.
  // Since it is very very unlikely that a machine runs Int32.MaxValue processes, 
  // I recommend not to handle this exception.
  Process startedProcess = Process.GetProcessById(Convert.ToInt32(startedProcessId));

  bool isProcessBlacklisted = this.BlacklistedExecutables
    .Select(fileInfo => fileInfo.FullName)
    .Contains(startedProcess.MainModule.FileName);

  // TODO::Handle blacklisted process e.g., by killing it
  if (isProcessBlacklisted)
  {
    startedProcess.Kill(entireProcessTree: true);
  }
}

It is possible that you have to run your application as administrator in order to observe process starts and to kill them. In this case ensure to prompt the user to elevate your application's rights by restarting it with administrator permissions.

  • Related