There's a trick I once learned from Scott Hanselman's list of interview questions. You can easily list all programs running .NET in command prompt by using:

我曾经从 Scott Hanselman 的面试问题清单中学到了一个技巧。您可以使用以下命令轻松列出在命令提示符中运行 .NET 的所有程序：

tasklist /m "mscor*"

tasklist /m "mscor*"

It will list all processes that have mscor*amongst their loaded modules.

它将列出mscor*在其加载的模块中包含的所有进程。

We can apply the same method in code:

我们可以在代码中应用相同的方法：

public static bool IsDotNetProcess(this Process process)
{
  var modules = process.Modules.Cast<ProcessModule>().Where(
      m => m.ModuleName.StartsWith("mscor", StringComparison.InvariantCultureIgnoreCase));

  return modules.Any();
}

Use the CLR COM interfaces ICorPublish and ICorPublishProcess. The easiest way to do this from C# is to borrow some code from SharpDevelop's debugger, and do the following:

使用 CLR COM 接口 ICorPublish 和 ICorPublishProcess。从 C# 执行此操作的最简单方法是从 SharpDevelop 的调试器中借用一些代码，然后执行以下操作：

ICorPublish publish = new ICorPublish();
ICorPublishProcess process;

process = publish.GetProcess(PidToCheck);

if (process == null || !process.IsManaged)
{
    // Not managed.
}
else
{
    // Managed.
}

Use System.Reflection.Assembly.LoadFromfunction to load the .exe file. This function will throw exception if you try to load binary file that is not .NET assembly.

使用System.Reflection.Assembly.LoadFrom函数加载 .exe 文件。如果您尝试加载非 .NET 程序集的二进制文件，此函数将引发异常。

Programmatically you'd get the starting image name using Win32 API like NtQueryInformationProcess, or in .Net use System.Diagnostics.Process.GetProcesses()and read Process.StartInfo.FileName.

以编程方式，您将使用 Win32 API 获取起始图像名称，例如NtQueryInformationProcess，或在 .Net useSystem.Diagnostics.Process.GetProcesses()和 read 中Process.StartInfo.FileName。

Then open and decode the PE headers of that image using details prescribed in the MSDN article below:

然后使用下面 MSDN 文章中规定的详细信息打开并解码该图像的 PE 标头：

http://msdn.microsoft.com/en-us/magazine/cc301808.aspx

http://msdn.microsoft.com/en-us/magazine/cc301808.aspx

Caveats: will only detect .NET built assemblies e.g. won't detect Win32 EXEs dynamically hosting CLR using CorHost APIs.

注意事项：只会检测 .NET 构建的程序集，例如不会检测使用 CorHost API 动态托管 CLR 的 Win32 EXE。

I know this is about a million years too late, but in case it helps - my favourite method to figure out if an exe is using .net is to run MSIL disassembler against it which comes with .net SDK. If a .net exe you indeed have, you'll get a nice graphical breakdown of its contents; if a plain old win32 exe it be, you'll get a message telling you so.

我知道这已经晚了大约一百万年，但如果有帮助 - 我最喜欢的确定 exe 是否使用 .net 的方法是针对它运行 .net SDK 附带的 MSIL 反汇编程序。如果您确实拥有 .net exe，您将获得其内容的精美图形细分；如果它是一个普通的老式 win32 exe，你会收到一条消息告诉你。

I suggest downloading the Redgate's DotNetReflector and checking if it can open the application.

我建议下载 Redgate 的 DotNetReflector 并检查它是否可以打开应用程序。

A list of running .NET processes is available in Performance Monitor. Just run perfmonand in the Monitoring Tools >> Performance Monitorclick +Icon or press Ctrl+N. In the list of available counters, at the beginning of the list find .NET CLR Jitand select a sub item. You will see a list of .NET process in Instances of selected objectlist.

正在运行的 .NET 进程列表在Performance Monitor. 只需运行perfmon并在监视工具>>性能监视器中单击+图标或按 Ctrl+N。在可用计数器列表中，在列表的开头找到.NET CLR Jit并选择一个子项。您将在所选对象列表的实例中看到 .NET 进程列表。

If you want a method in C# without running your app in Administrator mode, there is solution introduced by Process Hackertool.

如果您想在 C# 中使用一个方法而不在管理员模式下运行您的应用程序，那么Process Hacker工具引入了解决方案。

According to Process Hacker / .NET Tools / native.c:

根据Process Hacker / .NET Tools / native.c：

Most .NET processes have a handle open to a section named \BaseNamedObjects\Cor_Private_IPCBlock(v4)<ProcessId>.This is the same object used by the ICorPublish::GetProcess function. Instead of calling that function, we simply check for the existence of that section object. This means: * Better performance. * No need for admin rights to get .NET status of processes owned by other users.

大多数 .NET 进程都有一个句柄，指向名为\BaseNamedObjects\Cor_Private_IPCBlock( v4)<ProcessId> 的部分。这与 ICorPublish::GetProcess 函数使用的对象相同。我们不调用该函数，而是简单地检查该部分对象是否存在。这意味着： * 更好的性能。* 无需管理员权限即可获取其他用户拥有的进程的 .NET 状态。

Getting a list of Process handles in C# is a bit of hard work. Instead you can download the DotNetTools.dllfrom Process Hacker pluginsfolder and create an externmethod to use PhGetProcessIsDotNetfunction.

在 C# 中获取进程句柄列表是一项艰巨的工作。相反，您可以从 Process Hacker文件夹下载DotNetTools.dllplugins并创建extern使用PhGetProcessIsDotNet函数的方法。