I need help with detecting an exe file running on a PC, much like the way an AV does it. I need it on order to prevent users from running the program on some PCs.
At first, I used filenames, but someone got clever and renamed the exe. Then I used an MD5 checksum of the file but that method proved ineffective as it detected only one build of the exe. And by just rebuilding the exe without changing anything on the code, the md5 way was beaten. I was thinking more of taking a sequence of bytes from the file and doing a comparison but won't that get other processes that are not that particular exe?
I tried looking for the best offset to take but am stuck. Any help? I have two versions of the exe, debug and release so I can compare what is common in both.
Oh, and I use C++.