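// Write one line per loaded module (name, address, size, time stamps) to
// LogFile by walking the process address space with VirtualQuery and
// handing every newly seen committed allocation base to ShowModuleInfo.
// Does nothing when the g_bModuleList option is off.
static void RecordModuleList(HANDLE LogFile)
{
	if (!g_bModuleList)
		return;

	hprintf(LogFile, "\r\n"
					 "\tModule list: names, addresses, sizes, time stamps "
			"and file times:\r\n");
	SYSTEM_INFO	SystemInfo;
	GetSystemInfo(&SystemInfo);
	// Walk the whole user-mode range the OS reports instead of a hard-coded
	// 4 GByte: a 64-bit process maps its modules far above 4 GByte, and a
	// fixed page count would silently leave them out of the crash log.
	const ULONG_PTR MaxAddress =
		(ULONG_PTR)SystemInfo.lpMaximumApplicationAddress;
	ULONG_PTR Address = 0;
	void *LastAllocationBase = 0;
	while (Address < MaxAddress)
	{
		MEMORY_BASIC_INFORMATION	MemInfo;
		// Default step when VirtualQuery fails or reports an empty region:
		// 64K is the granularity of address space doled out by VirtualAlloc().
		ULONG_PTR Step = SIXTYFOURK;
		if (VirtualQuery((void *)Address, &MemInfo, sizeof(MemInfo))
			&& MemInfo.RegionSize > 0)
		{
			// Skip the whole region in one step; RegionSize is measured
			// from the queried address, which is always page aligned here.
			Step = MemInfo.RegionSize;
			if (MemInfo.State == MEM_COMMIT && MemInfo.AllocationBase >
						LastAllocationBase)
			{
				// Each allocation base is visited once. ShowModuleInfo is
				// expected to fail gracefully when the block isn't a module.
				LastAllocationBase = MemInfo.AllocationBase;
				ShowModuleInfo(LogFile, (HINSTANCE)LastAllocationBase);
			}
		}
		// Never wrap past the top of the address space; that would turn the
		// scan into an endless loop.
		if (Address + Step < Address)
			break;
		Address += Step;
	}
}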
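/* WM_COMMAND handler of the main dialog: relaunches the tool elevated,
 * switches the combo box between the process and the module list, shows
 * details for the selected entry, and starts 14-VMMap.exe for a process.
 */
void Dlg_OnCommand(HWND hwnd, int id, HWND hwndCtl, UINT codeNotify) 
{
   /* TRUE while the combo box lists processes, FALSE while it lists
    * modules; decides how the selected item data is interpreted. */
   static BOOL s_fProcesses = TRUE;

   switch (id) 
   {
      case IDCANCEL:
         EndDialog(hwnd, id);
         break;

      /* Restart the application when we are not running 
       * as Elevated Administrator.
       */
      case IDC_BTN_SYSTEM_PROCESSES: 
      {
         TCHAR szApplication[MAX_PATH];
         DWORD cchLength = _countof(szApplication);

         /* QueryFullProcessImageName(hProcess, dwFlags, lpExeName, lpdwSize):
          * dwFlags 0 requests the Win32 path format; on success lpExeName
          * is null-terminated and *lpdwSize receives the number of
          * characters written, excluding the terminator.
          * The result must be checked: on failure szApplication is left
          * uninitialized, and it is the path we are about to launch with
          * elevated privileges.
          */
         if (!QueryFullProcessImageName(
               GetCurrentProcess(), 0, szApplication, &cchLength)) 
         {
            chMB("Failed to determine own executable path.");
            break;
         }

         /* Hide ourself before trying to start the same application
          * but with elevated privileges.
          */
         ShowWindow(hwnd, SW_HIDE);

         DWORD dwStatus = StartElevatedProcess(szApplication, NULL);
         if (dwStatus == S_OK) 
         {
            /* The elevated instance takes over; no need to keep on
             * working under lower privileges. */
            ExitProcess(0);
         }
         
         /* In case of error (including a declined UAC prompt), show up
          * again. */
         ShowWindow(hwnd, SW_SHOWNORMAL);
      }
      break;

      case ID_PROCESSES:
         s_fProcesses = TRUE;
         /* VMMap only makes sense for a process, so re-enable it here. */
         EnableMenuItem(GetMenu(hwnd), ID_VMMAP, MF_BYCOMMAND | MF_ENABLED);
         DrawMenuBar(hwnd);
         Dlg_PopulateProcessList(hwnd);
         break;

      case ID_MODULES:
         EnableMenuItem(GetMenu(hwnd), ID_VMMAP, MF_BYCOMMAND | MF_GRAYED);
         DrawMenuBar(hwnd);
         s_fProcesses = FALSE;
         Dlg_PopulateModuleList(hwnd);
         break;

      case IDC_PROCESSMODULELIST:
         if (codeNotify == CBN_SELCHANGE) 
         {
            int nSel = ComboBox_GetCurSel(hwndCtl);
            if (nSel == CB_ERR)
               break;   /* nothing selected */
            if (s_fProcesses) 
            {
               /* Item data holds the process ID. */
               DWORD dwProcessId = (DWORD) ComboBox_GetItemData(hwndCtl, nSel);
               ShowProcessInfo(GetDlgItem(hwnd, IDC_RESULTS), dwProcessId);
            } 
            else 
            {
               /* Item data is the index in the helper listbox holding
                * the module's full path. */
               int nIndex = (int) ComboBox_GetItemData(hwndCtl, nSel);
               HWND hwndHelp = GetDlgItem(hwnd, IDC_MODULEHELP);
               TCHAR szModulePath[1024];
               /* ListBox_GetText has no size parameter, so make sure the
                * item (plus terminator) fits before copying it out. */
               int cchText = ListBox_GetTextLen(hwndHelp, nIndex);
               if (cchText != LB_ERR && cchText < (int) _countof(szModulePath)) 
               {
                  ListBox_GetText(hwndHelp, nIndex, szModulePath);
                  ShowModuleInfo(GetDlgItem(hwnd, IDC_RESULTS), szModulePath);
               }
            }
         }
         break;

      case ID_VMMAP: 
      {
         HWND hwndCB = GetDlgItem(hwnd, IDC_PROCESSMODULELIST);
         int nSel = ComboBox_GetCurSel(hwndCB);
         if (nSel == CB_ERR) 
         {
            /* No process selected: nothing to hand to VMMap. */
            break;
         }
         DWORD dwProcessId = (DWORD) ComboBox_GetItemData(hwndCB, nSel);

         /* Process IDs are unsigned; %u keeps large IDs from printing as
          * negative numbers. */
         TCHAR szCmdLine[32];
         StringCchPrintf(szCmdLine, _countof(szCmdLine), TEXT("%u"), 
            dwProcessId);

         /* Launch 14-VMMap.exe from this executable's own directory.
          * A bare file name handed to an elevated launch is resolved via
          * the current directory / search path, so a planted binary of
          * that name could end up running with administrative rights.
          */
         TCHAR szDir[MAX_PATH];
         DWORD cchDir = GetModuleFileName(NULL, szDir, _countof(szDir));
         if (cchDir == 0 || cchDir >= _countof(szDir)) 
         {
            chMB("Failed to run 14-VMMap.exe: cannot locate own directory.");
            break;
         }
         /* Strip the file name, keeping the trailing backslash. */
         while (cchDir > 0 && szDir[cchDir - 1] != TEXT('\\'))
            cchDir--;
         if (cchDir == 0) 
         {
            chMB("Failed to run 14-VMMap.exe: cannot locate own directory.");
            break;
         }
         szDir[cchDir] = TEXT('\0');

         TCHAR szApplication[MAX_PATH + 2];   /* + surrounding quotes */
         if (FAILED(StringCchPrintf(szApplication, _countof(szApplication), 
               TEXT("\"%s14-VMMap.exe\""), szDir))) 
         {
            chMB("Failed to run 14-VMMap.exe: path too long.");
            break;
         }

         DWORD dwStatus = StartElevatedProcess(szApplication, szCmdLine);
         if (dwStatus == ERROR_CANCELLED) 
         {
            chMB("Failed to run 14-VMMap.exe: you refused access.");
         }
      }
      break;

      default:
         break;
   }
}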
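// WM_COMMAND handler of the main dialog: relaunches the tool elevated,
// switches the combo box between the process and the module list, shows
// details for the selected entry, and starts 14-VMMap.exe for a process.
void Dlg_OnCommand(HWND hwnd, int id, HWND hwndCtl, UINT codeNotify) {

   // TRUE while the combo box lists processes, FALSE while it lists
   // modules; decides how the selected item data is interpreted.
   static BOOL s_fProcesses = TRUE;

   switch (id) {
      case IDCANCEL:
         EndDialog(hwnd, id);
         break;

      // Restart the application when we are not running 
      // as Elevated Administrator.
      case IDC_BTN_SYSTEM_PROCESSES: {
         TCHAR szApplication[MAX_PATH];
         DWORD cchLength = _countof(szApplication);
         // The result must be checked: on failure szApplication is left
         // uninitialized, and it is the path we are about to launch with
         // elevated privileges.
         if (!QueryFullProcessImageName(
               GetCurrentProcess(), 0, szApplication, &cchLength)) {
            chMB("Failed to determine own executable path.");
            break;
         }

         // Hide ourself before trying to start the same application
         // but with elevated privileges.
         ShowWindow(hwnd, SW_HIDE);

         DWORD dwStatus = StartElevatedProcess(szApplication, NULL);
         if (dwStatus == S_OK) {
            // The elevated instance takes over; no need to keep on
            // working under lower privileges.
            ExitProcess(0);
         }
         
         // In case of error (including a declined UAC prompt), show up again.
         ShowWindow(hwnd, SW_SHOWNORMAL);
      }
      break;

      case ID_PROCESSES:
         s_fProcesses = TRUE;
         // VMMap only makes sense for a process, so re-enable it here.
         EnableMenuItem(GetMenu(hwnd), ID_VMMAP, MF_BYCOMMAND | MF_ENABLED);
         DrawMenuBar(hwnd);
         Dlg_PopulateProcessList(hwnd);
         break;

      case ID_MODULES:
         EnableMenuItem(GetMenu(hwnd), ID_VMMAP, MF_BYCOMMAND | MF_GRAYED);
         DrawMenuBar(hwnd);
         s_fProcesses = FALSE;
         Dlg_PopulateModuleList(hwnd);
         break;

      case IDC_PROCESSMODULELIST:
         if (codeNotify == CBN_SELCHANGE) {
            int nSel = ComboBox_GetCurSel(hwndCtl);
            if (nSel == CB_ERR)
               break;   // nothing selected
            if (s_fProcesses) {
               // Item data holds the process ID.
               DWORD dwProcessId = (DWORD) ComboBox_GetItemData(hwndCtl, nSel);
               ShowProcessInfo(GetDlgItem(hwnd, IDC_RESULTS), dwProcessId);
            } else {
               // Item data is the index in the helper listbox holding
               // the module's full path.
               int nIndex = (int) ComboBox_GetItemData(hwndCtl, nSel);
               HWND hwndHelp = GetDlgItem(hwnd, IDC_MODULEHELP);
               TCHAR szModulePath[1024];
               // ListBox_GetText has no size parameter, so make sure the
               // item (plus terminator) fits before copying it out.
               int cchText = ListBox_GetTextLen(hwndHelp, nIndex);
               if (cchText != LB_ERR && cchText < (int) _countof(szModulePath)) {
                  ListBox_GetText(hwndHelp, nIndex, szModulePath);
                  ShowModuleInfo(GetDlgItem(hwnd, IDC_RESULTS), szModulePath);
               }
            }
         }
         break;

      case ID_VMMAP: {
         HWND hwndCB = GetDlgItem(hwnd, IDC_PROCESSMODULELIST);
         int nSel = ComboBox_GetCurSel(hwndCB);
         if (nSel == CB_ERR) {
            // No process selected: nothing to hand to VMMap.
            break;
         }
         DWORD dwProcessId = (DWORD) ComboBox_GetItemData(hwndCB, nSel);

         // Process IDs are unsigned; %u keeps large IDs from printing as
         // negative numbers.
         TCHAR szCmdLine[32];
         StringCchPrintf(szCmdLine, _countof(szCmdLine), TEXT("%u"), 
            dwProcessId);

         // Launch 14-VMMap.exe from this executable's own directory.
         // A bare file name handed to an elevated launch is resolved via
         // the current directory / search path, so a planted binary of
         // that name could end up running with administrative rights.
         TCHAR szDir[MAX_PATH];
         DWORD cchDir = GetModuleFileName(NULL, szDir, _countof(szDir));
         if (cchDir == 0 || cchDir >= _countof(szDir)) {
            chMB("Failed to run 14-VMMap.exe: cannot locate own directory.");
            break;
         }
         // Strip the file name, keeping the trailing backslash.
         while (cchDir > 0 && szDir[cchDir - 1] != TEXT('\\'))
            cchDir--;
         if (cchDir == 0) {
            chMB("Failed to run 14-VMMap.exe: cannot locate own directory.");
            break;
         }
         szDir[cchDir] = TEXT('\0');

         TCHAR szApplication[MAX_PATH + 2];   // + surrounding quotes
         if (FAILED(StringCchPrintf(szApplication, _countof(szApplication), 
               TEXT("\"%s14-VMMap.exe\""), szDir))) {
            chMB("Failed to run 14-VMMap.exe: path too long.");
            break;
         }

         DWORD dwStatus = StartElevatedProcess(szApplication, szCmdLine);
         if (dwStatus == ERROR_CANCELLED) {
            chMB("Failed to run 14-VMMap.exe: you refused access.");
         }
      }
      break;

      default:
         break;
   }
}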