Originally Posted by
Sychotix
, they scan for suspicious programs and patterns.
I'm not trying to piss you off in any way, but I still don't understand what you mean by "scan .. patterns"
You yourself stated that no scanning is possible here:
https://www.ownedcore.com/forums/mmo...ml#post4355694 (Run PoE as a limited user)
I was not too lazy then to make a test c# application and realized that you were right and calmed down.
this code:
Code:
namespace Stas.NetCoreTest {
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
internal class LimitedUser {
public LimitedUser() {
while (true) {
try {
ReadTitle();
ReadProcess("Discord", 0);
}
catch (Exception ex) {
Console.WriteLine(ex.Message);
break;
}
Thread.Sleep(2000);
}
Console.ReadKey();
}
void ReadTitle() {
var title = GetForegroundWindowTitle(); // <1 ms
Console.WriteLine("ForegroundWindowTitle=" + title);
var curr_top_ptr = GetForegroundWindow();
Console.WriteLine("top_ptr=" + curr_top_ptr);
}
public void ReadProcess(string p_name, int p_index) {
var _pa = Process.GetProcessesByName(p_name);
if (_pa.Length > 0) {
Console.WriteLine("found ["+_pa.Length+"] with name=["+ p_name + "]");
if (p_index < _pa.Length) {
var curr_p = _pa[p_index];
var AddressOfProcess = curr_p.MainModule.BaseAddress;
Console.WriteLine("AddressOfProcess=" + AddressOfProcess);
var MainWindowHandle = curr_p.MainWindowHandle;
Console.WriteLine("MainWindowHandle=" + MainWindowHandle);
}
}
}
[DllImport("user32.dll")]
public static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);
public static string GetForegroundWindowTitle() {
const int nChars = 256;
StringBuilder Buff = new StringBuilder(nChars);
IntPtr handle = GetForegroundWindow();
if (GetWindowText(handle, Buff, nChars) > 0) {
return Buff.ToString();
}
return null;
}
}
}
If you run it as a user with limited rights, then we will get an error already at the stage of reading curr_p.MainModule.BaseAddress
which means the POE can only get the list of running processes and the ForegroundWindowTitle/ptr