Practically everything has a way, hahaha.
There's a protocol called SNMP (Simple Network Management Protocol). We use this protocol to monitor remote machines; with it, it is possible to pick up information such as:
- Network traffic
- Hard disk space
- Processing
- Memory in use
- Processes in use etc
That is, this protocol is widely used to manage servers and computers. Imagine a park with 100 servers running: do you think we log in to the 100 servers and look at whether the hard drive is full, whether the network card usage is maxed out, etc.? Of course not. We create automatic warning systems: a client server connects via SNMP to all the servers and collects the data every X minutes, and if something is wrong, this client server generates alerts, sends email, calls, beats a drum, etc. lol
So what you can do is enable the SNMP server on the Windows/Linux machine from which you want to collect the name of the program/process (see here how this can be done on Windows). Once that is done, your program will have to connect to the PC you want via some SNMP client; in Delphi I know there is Indy-SNMP.
Ex:
```delphi
program snmptest;

{$APPTYPE Console}

uses
  SysUtils, IdBaseComponent, IdComponent, IdUDPBase, IdUDPClient, IdSNMP;

var
  Snmp: TIdSNMP;
  Idx: Integer;
begin
  Snmp := TIdSNMP.Create(nil);
  try
    Snmp.Query.Host := 'Hostname or IP'; // IP of the computer that has the SNMP server enabled
    Snmp.Query.Community := 'public'; // community configured on the SNMP server
    Snmp.Query.PDUType := PDUGetRequest;
    Snmp.Query.MIBAdd('1.3.6.1.2.1.1.1.0', ''); // OID that returns what you want
    if Snmp.SendQuery then
    begin
      WriteLn('Replies: ' + IntToStr(Snmp.Reply.ValueCount));
      // Print every returned value (index with Idx, not a fixed 0)
      for Idx := 0 to Snmp.Reply.ValueCount - 1 do
        WriteLn(Snmp.Reply.Value[Idx]);
    end;
  finally
    Snmp.Free;
  end;
end.
```
This parameter, Snmp.Query.MIBAdd, is the OID that you set to harvest the information you want. Each number returns something different, i.e. there will be an OID that returns memory information, an OID that returns disk space, an OID that returns the programs running, etc. As for the OID in this code, you will have to test it and check what you get back. Do a search and test the OID hrSWRunName; I think it returns all processes running on Windows...
Also, if you don't want to use Indy-SNMP, install the executable client called snmpwalk on the computer that will query the SNMP server. I just tested the OID hrSWRunName: on a PC on the network I installed snmpwalk and used the command to show what is running on the Windows server (of course this server has the SNMP server service enabled and configured)...
The command and result follow:

```
snmpwalk -v 2c -c public 192.168.32.23 hrSWRunName
```
I got back:
```
HOST-RESOURCES-MIB::hrSWRunName.1 = STRING: "System Idle Process"
HOST-RESOURCES-MIB::hrSWRunName.4 = STRING: "System"
HOST-RESOURCES-MIB::hrSWRunName.288 = STRING: "smss.exe"
HOST-RESOURCES-MIB::hrSWRunName.336 = STRING: "csrss.exe"
HOST-RESOURCES-MIB::hrSWRunName.360 = STRING: "winlogon.exe"
HOST-RESOURCES-MIB::hrSWRunName.408 = STRING: "services.exe"
HOST-RESOURCES-MIB::hrSWRunName.420 = STRING: "lsass.exe"
HOST-RESOURCES-MIB::hrSWRunName.576 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.660 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.732 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.768 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.784 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.916 = STRING: "spoolsv.exe"
HOST-RESOURCES-MIB::hrSWRunName.940 = STRING: "msdtc.exe"
HOST-RESOURCES-MIB::hrSWRunName.1152 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.1176 = STRING: "ibguard.exe"
HOST-RESOURCES-MIB::hrSWRunName.1196 = STRING: "sqlservr.exe"
HOST-RESOURCES-MIB::hrSWRunName.1252 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.1304 = STRING: "snmp.exe"
HOST-RESOURCES-MIB::hrSWRunName.1608 = STRING: "WUSyncSvc.exe"
HOST-RESOURCES-MIB::hrSWRunName.1636 = STRING: "mssearch.exe"
HOST-RESOURCES-MIB::hrSWRunName.1840 = STRING: "sqlagent.exe"
HOST-RESOURCES-MIB::hrSWRunName.1876 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.1896 = STRING: "ibserver.exe"
HOST-RESOURCES-MIB::hrSWRunName.2024 = STRING: "alg.exe"
HOST-RESOURCES-MIB::hrSWRunName.2172 = STRING: "wmiprvse.exe"
HOST-RESOURCES-MIB::hrSWRunName.2232 = STRING: "cmd.exe"
HOST-RESOURCES-MIB::hrSWRunName.2432 = STRING: "notepad.exe"
HOST-RESOURCES-MIB::hrSWRunName.2712 = STRING: "explorer.exe"
HOST-RESOURCES-MIB::hrSWRunName.2780 = STRING: "ctfmon.exe"
HOST-RESOURCES-MIB::hrSWRunName.2792 = STRING: "sqlmangr.exe"
HOST-RESOURCES-MIB::hrSWRunName.2864 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.3980 = STRING: "isqlw.exe"
```
This means that another option is to make your Delphi program run snmpwalk, take the output of the command, parse it and check whether the .exe you want is in it (actually Indy-SNMP is an SNMP client, practically it is an snmpwalk, so it is much better to use Indy-SNMP than to have to install an external client)...
As you can see, this can be dangerous: a hacker on your network can find out which community you set up on the servers and try to scan your network for open SNMP ports. With this he can get information about the services and programs running on the network and then try to exploit them, so when setting up the SNMP server service don't forget to allow only trusted IPs to do read-only queries...
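An added example, not part of the original answer and not code from Indy or net-snmp: the "run snmpwalk, parse the output, check for the .exe" option described above, written in Python. The function names and the sample text are constructed for illustration; the parser also accepts the numeric and `iso.` OID forms that snmpwalk prints when the MIB files are not loaded, and it matches the whole process name so that `cmd` does not match `cmd.exe`.

```python
import re
import subprocess

HR_SW_RUN_NAME = "1.3.6.1.2.1.25.4.2.1.2"  # numeric OID of hrSWRunName

# Accepts the symbolic form, the numeric form (-On) and the "iso." form.
LINE_RE = re.compile(
    r'^(?:HOST-RESOURCES-MIB::hrSWRunName|\.?(?:1|iso)\.3\.6\.1\.2\.1\.25\.4\.2\.1\.2)'
    r'\.(\d+) = STRING: "(.*)"\s*$'
)

def parse_process_table(output):
    """Return {hrSWRunIndex: process name} from snmpwalk text output."""
    table = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # error lines and other OIDs are ignored
            table[int(m.group(1))] = m.group(2)
    return table

def find_process(output, exe_name):
    """Indexes whose name equals exe_name (whole name, case-insensitive)."""
    wanted = exe_name.casefold()
    table = parse_process_table(output)
    return sorted(i for i, name in table.items() if name.casefold() == wanted)

def walk(host, community):
    """Run the same query as in the post; requires net-snmp's snmpwalk."""
    return subprocess.run(
        ["snmpwalk", "-v", "2c", "-c", community, host, HR_SW_RUN_NAME],
        capture_output=True, text=True, timeout=30, check=True,
    ).stdout

# Constructed sample mixing the output forms snmpwalk can produce.
SAMPLE = '''HOST-RESOURCES-MIB::hrSWRunName.576 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.660 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.1196 = STRING: "sqlservr.exe"
.1.3.6.1.2.1.25.4.2.1.2.2232 = STRING: "cmd.exe"
iso.3.6.1.2.1.25.4.2.1.2.2432 = STRING: "notepad.exe"
Timeout: No Response from 192.0.2.10
'''

if __name__ == "__main__":
    print(find_process(SAMPLE, "SQLSERVR.EXE"))
    print(find_process(SAMPLE, "cmd"))
```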
Thanks! I will do the tests. When I finish I'll report back.
– Edu Mendonça
good luck there ...
– ederwander
@ederwander man, I would like to talk to you about the googletts that you have on GitHub. How can I contact you?
– Jasar Orion