Search code examples
windowswindows-8logmein

Detect programmatically if there is a LogMeIn remote session

Is there a way to programmatically detect if there is a LogMeIn session on the current Windows PC / user?

I have tried it in several ways (in C#, but the language is irrelevant):

  • Using a CPU performance counter, assuming that LogMeInRC.exe's CPU usage was substantially higher while in session. This approach is able to detect some sessions, but the error rate is way too high.
  • By monitoring the Performance Counters IO Write Bytes/s or IO Data Bytes/s of LogMeIn. This works only initially. If the session is older than a minute, these Performance Counters don't record any activity, even though LogMeIn still has network traffic.

Any hints?

Solution

  • Solved it by intercepting ETW traces:

    var logmeinProcess = System.Diagnostics.Process.GetProcessesByName("LogMeIn").Single();
using (var session = new TraceEventSession("MyRealTimeSession"))         // Create a session to listen for events
{
    session.EnableKernelProvider(Microsoft.Diagnostics.Tracing.Parsers.KernelTraceEventParser.Keywords.NetworkTCPIP);
    session.Source.Kernel.UdpIpSend += (data) =>
    {
        if (data.ProcessID == logmeinProcess.Id)
        {
            lock (_logMeInUdpQueue)
            {
                _logMeInUdpQueue.Enqueue(DateTime.UtcNow);
            }
        }
    };

    session.Source.Process();
}

    This way I get the number of UDP Sends by the LogMeIn process, which is perfect for detecting LogMeIn sessions.