How to capture pid of processes that are accessing x service

I would like to know a way to monitor all processes that are using a service/system functionality; more specifically, I want to monitor processes requesting and modifying the position of the mouse. I tried to find out how it works, but I can only find ways to change/view this data using ASM or C.

I looked at these two links [To] [B] on handling with ASM, but even so it seems that this system feature does not have a kernel control. I know that this is not so; all the resources have a kind of control.

In short: I want to know where I can directly consult the processes that are reading and writing in the addresses related to the mouse.

The language and the system are not important; any result is fine. This does not leave my question too wide or out of scope; I'm questioning a way to access system information.

  • That will depend fully on the operating system. The way that could be done on Windows, for example, is totally different from Linux or OS X. The tutorials you saw speak of BIOS interrupts.

  • Yes, I imagined the difference between the two systems. About the tutorials, I imagined that it would be a form of direct access to the device ): I really wanted to know if, and how, the systems control these calls.

  • You can write a lot about it :). An easy way to know which process is modifying the mouse position is to use the function GetCursorPos to get the coordinates and WindowFromPoint to obtain the handle of the window where the click was launched; with GetWindowThreadProcessId you get the id from this window, with OpenProcess you recover the process handle, and finally you call the function QueryFullProcessImageName, with which you recover the executable that is doing this. If you are interested in something for Linux, there is ptrace.

  • It seems Windows uses Mouclass to deal with mouse events, and it is also possible with hooking; using that, the coordinates the call returns can be obtained from the MSLLHOOKSTRUCT.

  • Take a look at this page also.

  • @Qmechanic73, I am looking at the links; unfortunately it would not be possible to pick up the pid by the current window, because the idea is to identify who is manipulating the mouse, for example to capture a bot that is manipulating the device.
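
The hook approach mentioned in the comments, as an added example that is not part of the original thread: a Python/ctypes low-level mouse hook that reads each MSLLHOOKSTRUCT and reports events whose flags mark them as synthesized rather than coming from the device. The structure carries no process id, so this detects software-generated mouse input without attributing it to a process; the names `classify` and `watch` are made up for this example.

```python
import ctypes
import sys
from ctypes import wintypes

WH_MOUSE_LL = 14                 # low-level mouse hook id
LLMHF_INJECTED = 0x01            # event was synthesized, not from hardware
LLMHF_LOWER_IL_INJECTED = 0x02   # synthesized by a lower-integrity process

class MSLLHOOKSTRUCT(ctypes.Structure):
    _fields_ = [("pt", wintypes.POINT),
                ("mouseData", wintypes.DWORD),
                ("flags", wintypes.DWORD),
                ("time", wintypes.DWORD),
                ("dwExtraInfo", ctypes.c_size_t)]  # ULONG_PTR

def classify(info):
    """Return 'hardware', 'injected' or 'injected-lower-il' for one event."""
    if info.flags & LLMHF_LOWER_IL_INJECTED:
        return "injected-lower-il"
    if info.flags & LLMHF_INJECTED:
        return "injected"
    return "hardware"

def watch():
    """Windows only: print every synthesized mouse event until interrupted."""
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    LRESULT = ctypes.c_ssize_t
    HOOKPROC = ctypes.WINFUNCTYPE(LRESULT, ctypes.c_int, wintypes.WPARAM, wintypes.LPARAM)
    user32.SetWindowsHookExW.argtypes = [ctypes.c_int, HOOKPROC, wintypes.HINSTANCE, wintypes.DWORD]
    user32.SetWindowsHookExW.restype = wintypes.HHOOK
    user32.CallNextHookEx.argtypes = [wintypes.HHOOK, ctypes.c_int, wintypes.WPARAM, wintypes.LPARAM]
    user32.CallNextHookEx.restype = LRESULT
    @HOOKPROC
    def on_mouse(code, wparam, lparam):
        if code >= 0:
            info = ctypes.cast(lparam, ctypes.POINTER(MSLLHOOKSTRUCT)).contents
            kind = classify(info)
            if kind != "hardware":
                print(f"{kind} msg=0x{wparam:04x} at ({info.pt.x},{info.pt.y})")
        return user32.CallNextHookEx(None, code, wparam, lparam)
    hook = user32.SetWindowsHookExW(WH_MOUSE_LL, on_mouse, None, 0)
    if not hook:
        raise ctypes.WinError(ctypes.get_last_error())
    msg = wintypes.MSG()
    while user32.GetMessageW(ctypes.byref(msg), None, 0, 0) > 0:
        pass  # the message loop is what lets Windows deliver hook callbacks

if __name__ == "__main__" and sys.platform == "win32":
    watch()
```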
