Author Topic: [win32] Detecting Installs and windows updates  (Read 17897 times)

0 Members and 1 Guest are viewing this topic.

Offline LordVader

  • Full Member
  • ***
  • Posts: 113
  • Knowledge is power.
    • View Profile
    • James Moss on the web!
[win32] Detecting Installs and windows updates
« on: March 04, 2010, 07:53:44 pm »
I am thinking of writing an app to kill processes seen @ 99% cpu for extended periods of time(>= 30 secs) and store the process info on a list and allow the user to define the process to be able to autokill the process if seen @ 99% at a shorter increment (>=5 secs or w/e)..
The question i have is it's likely possible during software installs/updates and windows updates that this will happen where cpu use will go high and need to be allowed at those times I won't want to kill those processes, does anyone have any idea's or thoughts or know any registry keys that can detect active installations easily? As well I assume a exclusion process list watch for setup.exe/msiexec.exe and other's if seen don't kill any processes except those the user has defined as ok to kill.

Offline LordVader

  • Full Member
  • ***
  • Posts: 113
  • Knowledge is power.
    • View Profile
    • James Moss on the web!
Re: [win32] Detecting Installs and windows updates
« Reply #1 on: March 04, 2010, 08:24:09 pm »
One way around that would be to instead of autokilling by default just store any apps seen @ >30 seconds to the list then allow user to define apps to autokill and a time frame to kill them > 5 secs or w/e. Also was thinking possibly checking the user that is executing the process if it's system or network don't autokill unless is defined by the user etc..

Anyway, any idea's would be appreciated try'n to map out different logics..

Another option could be to prompt the user on any random processes and ask if they want to kill the process that would potentially just save time when the pc could get locking up and its a hassle to get into the taskmanager etc.

Offline Newby

  • Moderator
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: [win32] Detecting Installs and windows updates
« Reply #2 on: March 06, 2010, 04:16:01 am »
Out of sheer curiosity, why would you ever want to do this? If it's using CPU... it's probably using it for a reason. Your program just sounds like it's there to fix broken apps when in reality most apps people run aren't gonna be "broken" persay... if they're at 99% CPU usage, odds are they're doing something intense or they've hung and the user has realized it.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [win32] Detecting Installs and windows updates
« Reply #3 on: March 06, 2010, 10:49:37 am »
Not to mention that a lot of games will run at high CPU, especially graphics intensive ones. Starcraft stayed at 100% CPU as well, because of how the game was written.


Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: [win32] Detecting Installs and windows updates
« Reply #4 on: March 06, 2010, 12:54:59 pm »
I'm gonna laugh if you try to kill System Idle Process.

Offline LordVader

  • Full Member
  • ***
  • Posts: 113
  • Knowledge is power.
    • View Profile
    • James Moss on the web!
Re: [win32] Detecting Installs and windows updates
« Reply #5 on: March 07, 2010, 10:27:29 pm »
Various apps often do eat up cpu randomly do this for a variety of reasonsrun away threads or cpu etc..
In particular msn when camming and firefox when using greasemonkey and certain scripts.. and yes before  you say it I know it's due to the scripts in greasemonkey and often due to varous flash apps in particular that the scripts are try'n to interact with now the "what" isn't the issue here, what im after is ideas to filter out "needed" processes vs random processes.

Particularly happens when camming on msn to a friend who lives in the UK it's completely random just a run away thread/memory leak unsure what the cause is happens at other times but nearly causes the whole pc to lockup indefinitely if the cam is on at the time.
But there are other times similar happens but not as bad, I often am on facebook playing apps like mafia wars and I use greasemonkey + scripts to automate playing some of them which after a period of time different lists (in greasemonkey) etc cause the firefox process to be @ 1g+ memory use and very easilly can cause the system to slow and at times lockup depending what else im doing.

More or less am thinking of ways to try to store processes seen to run at high cpu for extended periods of time, and define certain ones to auto kill after x timeframe if seen, and want to filter out system processes and other "needed tasks" like installers and the like.
« Last Edit: March 07, 2010, 10:36:15 pm by LordVader »

Offline LordVader

  • Full Member
  • ***
  • Posts: 113
  • Knowledge is power.
    • View Profile
    • James Moss on the web!
Re: [win32] Detecting Installs and windows updates
« Reply #6 on: March 07, 2010, 11:33:35 pm »
My idea for the app to keep the system from becoming unstable and prevent apps from hitting a state the system locks up indefinitely..
Basic logic could be checking if CPU use is at 99% on a timer and then enumerating thru the processes using these methods to detect "unresponsive" processes/windows:
If anyone knows any other methods to detect potential hung apps feel free to share.

Once something is causing the system to be so slow that it takes 30 seconds or worse 10+ minutes to get into task manager and click end process that is a bit of an annoying situation to be in and i'm thinking of ways to try to help manage this that don't require the user (me) to have to do anything to salvage the situation without the system locking up and having to reboot or waiting out the offending process or end tasking it via the taskmanager. And i'm wanting to go a little bit further than simply just adding particular processes to a watch/kill list. Ideally i'd like to create list of apps seen to be hung at times when cpu% is at 99%, but want to filter out required/important processes from that list.. then allow the user to define processes out of that that list to a watch/kill list.

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: [win32] Detecting Installs and windows updates
« Reply #7 on: March 08, 2010, 01:20:46 am »
So really what you want is a program that will kill and then restart your Firefox when your autoplay script for Mafia Wars causes it to use too much memory?

Offline LordVader

  • Full Member
  • ***
  • Posts: 113
  • Knowledge is power.
    • View Profile
    • James Moss on the web!
Re: [win32] Detecting Installs and windows updates
« Reply #8 on: March 08, 2010, 02:25:27 am »
So really what you want is a program that will kill and then restart your Firefox when your autoplay script for Mafia Wars causes it to use too much memory?
If that's what i wanted i would of just written that and never posted here..
More when "any" non critical apps enter a state they could become unresponsive generally due to run away threads causing the system to be totally unresponsive and headed toward complete deadlock.
Lately most problematic is msn when my webcam is on or being turned on, this is the worst offender lately on my xp box and yes it is generally worse and happens more often when something like firefox is eating up memory, but at this point there is nothing going to help the situation but killing msn or sending a msg to the other user via my phone or another computer to turn the cam off on there end and hope my end responds and chills out. But at that point restarting firefox wouldn't do much good because msn is in a bad state already so there's little point attempting to do anything but kill msn.. So yes i want to watch for a situation and kill a particular app but that's not a hard task to do, instead I am asking specifically for idea's in general and particularly for methods that could help filter out "needed" processes so they're skipped for example possibly looking at the user that is executing the process and only return "user" executed apps (this may could likely skip most important system tasts).. but that still leaves installers potentially and a few other things that may be important at times and was curious if there is a way to detect that via registery keys or other means beyond monitoring app names like setup.exe/msiexec.exe/install.exe/update.exe..

The code relating to checking the processes/enumerating and what not I already have done in older projects, am more looking for logic idea's and information on detecting things mentioned above, or possibly other idea's anyone has..

Ideally currently in my mind i would pool cpu use when seen at 99% enum processes check each to see if the app is hung then store it into a list of "bad apps" then let the user define actions to take and a time frame, acting being killing or possibly choose to restart the app/service also.

*Update:
One method could be to store all processes seen over time in a list display the list and try to flag the process as such:
1) System/Required - Kill Risk: High, system may be worse off.
2) General Service - Kill Risk: Medium, prolly won't affect system stability, but pay attention.
3) General Apps - Kill Risk: Low, shouldn't affect the system at all.

But then we still run into needing to define the processes properly, or just tell the user what to avoid clearly (system processes, and setup/installers) tho I suppose that could be handled by sorting the list into different types:
1) Services
2) Applications
and further more sorting those two separate lists by the user the process is running as:
1) User
2) System
3) Local Service
4) Network Service
And just write up good documentation telling the user what is safe/not in general possibly? I dunno am doin 20 other things atm am rambling a bit as a distraction lol

*Update #2
With the idea of storing all processes and sorting them in various ways to display to the user, we could also allow the user to define an exclusion list so they can hide processes from showing up in the lists long term.

Am leaning in that direction currently as it's the least amount of work providing the most flexibility and information gathering potential of the different processes that I can think of currently.
« Last Edit: March 08, 2010, 07:23:17 am by LordVader »

Offline warz

  • Hero Member
  • *****
  • Posts: 1134
    • View Profile
    • chyea.org
Re: [win32] Detecting Installs and windows updates
« Reply #9 on: March 08, 2010, 09:55:18 am »
Seems to me that you already know what you need to do. I'm not sure what kind of help you're asking for. Perhaps just confirmation on your approach? If that's what you're looking for then I think your entire idea is really bad. You've said why you want to do this ... but ... why?!
http://www.chyea.org/ - web based markup debugger

Offline LordVader

  • Full Member
  • ***
  • Posts: 113
  • Knowledge is power.
    • View Profile
    • James Moss on the web!
Re: [win32] Detecting Installs and windows updates
« Reply #10 on: March 09, 2010, 02:11:21 am »
Seems to me that you already know what you need to do. I'm not sure what kind of help you're asking for. Perhaps just confirmation on your approach? If that's what you're looking for then I think your entire idea is really bad. You've said why you want to do this ... but ... why?!
Was asking for idea's to check if installers or similar were active via registery keys or other means.. And yes looking for possible other idea's to handle situations where the systems performance is degrading and it may take time to get into the taskmanager to end a process.. In your views why is this approach a bad idea? Am mainly looking for methods that could save time when system is in a state that the user can't get into task manager quickly due to degrading system performance (memory leaks/run away threads) to kill a process, and instead have something in place that could potentially do it for you if you have identified programs that tend to be the cause.
« Last Edit: March 09, 2010, 09:45:38 am by LordVader »

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: [win32] Detecting Installs and windows updates
« Reply #11 on: March 09, 2010, 04:10:33 pm »
Why not put up a prompt asking if you want to kill a program? That way you get to decide.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline LordVader

  • Full Member
  • ***
  • Posts: 113
  • Knowledge is power.
    • View Profile
    • James Moss on the web!
Re: [win32] Detecting Installs and windows updates
« Reply #12 on: March 09, 2010, 04:47:02 pm »
Why not put up a prompt asking if you want to kill a program? That way you get to decide.
Yah that could be an option for potential unknown apps matching some definable criteria, maybe have different modes it operates in and different checks and timeframes defined defaults could be adding unknown files to list and prompting within givin thresholds say options like this:
1) cpu steady 99% + definable time frame (default 20 seconds)
2) SendMessageTimeout() sending WM_NULL and waiting for a responce within a givin time frame
3) Checking IsHungApp() every x milliseconds if seen hung for a definable time frame

Then allow the user to:
Add offending program a "bad app" list of which they can later define actions prompt-to-kill/auto-kill/auto-restart etc, as well as fine tune the triggers/time frames.

Something like that what'cha think Joe?

Offline Ender

  • x86
  • Hero Member
  • *****
  • Posts: 2390
    • View Profile
Re: [win32] Detecting Installs and windows updates
« Reply #13 on: March 09, 2010, 06:22:50 pm »
Seems to me that you already know what you need to do. I'm not sure what kind of help you're asking for. Perhaps just confirmation on your approach? If that's what you're looking for then I think your entire idea is really bad. You've said why you want to do this ... but ... why?!
Was asking for idea's to check if installers or similar were active via registery keys or other means.. And yes looking for possible other idea's to handle situations where the systems performance is degrading and it may take time to get into the taskmanager to end a process.. In your views why is this approach a bad idea? Am mainly looking for methods that could save time when system is in a state that the user can't get into task manager quickly due to degrading system performance (memory leaks/run away threads) to kill a process, and instead have something in place that could potentially do it for you if you have identified programs that tend to be the cause.

Dude.....

Improve your English......

Offline LordVader

  • Full Member
  • ***
  • Posts: 113
  • Knowledge is power.
    • View Profile
    • James Moss on the web!
Re: [win32] Detecting Installs and windows updates
« Reply #14 on: March 10, 2010, 12:22:45 am »
Seems to me that you already know what you need to do. I'm not sure what kind of help you're asking for. Perhaps just confirmation on your approach? If that's what you're looking for then I think your entire idea is really bad. You've said why you want to do this ... but ... why?!
Was asking for idea's to check if installers or similar were active via registery keys or other means.. And yes looking for possible other idea's to handle situations where the systems performance is degrading and it may take time to get into the taskmanager to end a process.. In your views why is this approach a bad idea? Am mainly looking for methods that could save time when system is in a state that the user can't get into task manager quickly due to degrading system performance (memory leaks/run away threads) to kill a process, and instead have something in place that could potentially do it for you if you have identified programs that tend to be the cause.

Dude.....

Improve your English......
thanks but why don't you spend the time to pick that apart first I mean you are attempting to be helpful in some vague way right? Why not point out the bad English, or actually you probably ment bad grammar right? While your at it write a 1000 word essay on why someone should take that much time when we're on a forum and not in school or the workplace.

Till then stick to the topic, or better yet ignore it so far i've gotten 3-4 even remotely helpful replies the rest have been garbage and still have managed to map out a basic concept that should work ok despite the bullshit due to lack of reading/comprehension or due to lack of grammar / structure on my part which really shouldn't matter here to a large degree.

If your unsure about something point it out and do better than vagueness that shouldn't be hard for the brain trust around here I would think. iago and Joe are always helpful when they have the time, so are alot of other's but some (look thru this thread as an example) really waste alot of time. Not that im in any rush as I probably won't even have time to start on this for another month or two but still it's mind boggling to see alot of the same ppl wasting other ppl's time on forums like this. Specially considering this is one of few forums with a few ppl i actually respect enuff to seek help from in any fashion as most sites/forums it's usually alot of the same as what has gone on here in this thread alot of random ppl showing up to do alot of random pointless replies.
« Last Edit: March 10, 2010, 12:48:21 am by LordVader »