int getProcessID(const char * name)
{
DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i;
memset(&aProcesses, 0, sizeof(aProcesses));
if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
{
return 0;
}
// Calculate how many process identifiers were returned.
cProcesses = cbNeeded / sizeof(DWORD);
// Print the name and process identifier for each process.
for ( i = 0; i < cProcesses; i++ )
{
if( aProcesses[i] != 0 )
{
if (isThisProcessID( aProcesses[i], name ))
return aProcesses[i];
}
}
return 0;
}
// Returns the process ID for each process object in the system.
inline std::vector<DWORD> get_processes()
{
std::vector<DWORD> ids(512);
const DWORD bytes = static_cast<DWORD>(ids.size()) * sizeof(DWORD);
DWORD bytes_returned = 0;
BOOL res = EnumProcesses(&ids[0], bytes, &bytes_returned);
if (!res)
{
std::cerr << "could not retrieve process identifiers: "
<< system_error_string() << std::endl;
}
DWORD actual_proc_count = bytes_returned / sizeof(DWORD);
while (actual_proc_count == ids.size())
{
std::clog << "retry (process count: " << actual_proc_count
<< ")" << std::endl;
ids.resize(10 * actual_proc_count);
EnumProcesses(&ids[0],
static_cast<DWORD>(ids.size()) * sizeof(DWORD),
&bytes_returned);
actual_proc_count = bytes_returned / sizeof(DWORD);
}
auto it = ids.begin();
std::advance(it, actual_proc_count);
ids.erase(it, ids.end());
return ids;
}
EnumProcessesResponse *getAllPids() {
DWORD size = sizeof(DWORD) * 512;
DWORD *aProcesses = NULL;
DWORD cbNeeded, cProcesses;
EnumProcessesResponse *res = calloc(1, sizeof(*res));
// EnumProcesses modifies cbNeeded, setting it to the amount of bytes
// written into aProcesses. Thus, we need to check if cbNeeded is equal
// to size. In that case, it means that the array was filled completely and
// we need to use a bigger array because probably we left elements out.
do {
size *= 2;
aProcesses = realloc(aProcesses, size);
BOOL success = EnumProcesses(aProcesses, size, &cbNeeded);
if (!success) {
res->error = GetLastError();
free(aProcesses);
return res;
}
}
while(cbNeeded == size);
res->error = 0;
res->pids = aProcesses;
res->length = cbNeeded/sizeof(DWORD);
return res;
}
void kill_process(string name)
{
#ifdef _WIN32
CHAR szProcBuff[101];
DWORD pIDs[300], dwBytesReturned;
HANDLE hProcess;
INT i, procCount;
EnumProcesses(pIDs, sizeof(pIDs), &dwBytesReturned);
procCount = dwBytesReturned / sizeof(DWORD);
for (i = 0; i < procCount; i++)
if (pIDs[i] != 0)
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE, 0, pIDs[i]);
GetModuleBaseName(hProcess, 0, szProcBuff, 100);
if (strcmp(szProcBuff, name.c_str()) == 0)
TerminateProcess(hProcess, EXIT_SUCCESS);
CloseHandle(hProcess);
}
#elif __APPLE__
string command = "killall -kill " + name;
system(command.c_str());
#endif
while (process_running(name.c_str()) > 0)
Sleep(1);
}
int numberOfAkbashProcesses(char * name)
{
DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i;
int akbashCount = 0;
memset(&aProcesses, 0, sizeof(aProcesses));
if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
{
return 0;
}
// Calculate how many process identifiers were returned.
cProcesses = cbNeeded / sizeof(DWORD);
// Print the name and process identifier for each process.
for ( i = 0; i < cProcesses; i++ )
{
if( aProcesses[i] != 0 )
{
if (isThisProcessID( aProcesses[i], name))
{
akbashCount++;
}
}
}
return akbashCount;
}
int GetProcessId(const char* file_name)
{
const int maximum_processes = 1024;
LPDWORD process_ids;
LPTSTR base_name;
HANDLE process;
DWORD i, processes, process_id = 0;
process_ids = (LPDWORD)HeapAlloc(GetProcessHeap(), 0, maximum_processes * sizeof(DWORD));
if(process_ids != NULL) {
if(EnumProcesses(process_ids, maximum_processes * sizeof(DWORD), &processes)) {
base_name = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, MAX_PATH * sizeof(TCHAR));
if(base_name != NULL) {
processes = processes / sizeof(DWORD);
for(i = 0; i < processes; i++) {
process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, process_ids[i]);
if(process != NULL) {
if(GetModuleBaseName(process, NULL, base_name, MAX_PATH) > 0) {
if(!lstrcmpi(base_name, file_name)) {
process_id = process_ids[i];
CloseHandle(process);
break;
}
}
CloseHandle(process);
}
}
HeapFree(GetProcessHeap(), 0, (LPVOID)base_name);
}
}
HeapFree(GetProcessHeap(), 0, (LPVOID)process_ids);
}
return process_id;
}
void startDaemonScan()
{
PVOID buffer = VirtualAlloc(NULL, 1024 * 1024, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
while (1)
{
DWORD procIDsBuffer[MAX_PROCESSES];
DWORD size_returned;
EnumProcesses(procIDsBuffer, sizeof(procIDsBuffer), &size_returned);
int numProc = size_returned / sizeof(DWORD);
int i;
TCHAR strBuffer[MAX_PATH];
for (i = 0; i < numProc; i++)
{
DWORD curr_pid = (int)procIDsBuffer[i];
HANDLE Handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, TRUE, curr_pid);
GetModuleBaseName(Handle, NULL, strBuffer, MAX_PATH);
if ((Handle) && isInFrobProcList(strBuffer))
reactToProcess(curr_pid, strBuffer);
CloseHandle(Handle);
}
updateList();
}
}
static BOOL ensure_not_running(LPCWSTR dest) {
DWORD processes[4096], needed, num;
unsigned int i;
WCHAR name[4*MAX_PATH] = L"<unknown>";
HANDLE h;
DWORD len;
LPWSTR fname = NULL;
if ( !EnumProcesses( processes, sizeof(processes), &needed ) ) {
return true;
}
num = needed / sizeof(DWORD);
for (i = 0; i < num; i++) {
if (processes[i] == 0) continue;
h = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, processes[i] );
if (h != NULL) {
len = GetProcessImageFileNameW(h, name, 4*MAX_PATH);
CloseHandle(h);
if (len != 0) {
name[len] = 0;
fname = PathFindFileName(name);
if (wcscmp(fname, L"calibre.exe") == 0) {
show_error(L"Calibre appears to be running on your computer. Please quit it before trying to install Calibre Portable.");
return false;
}
}
}
}
return true;
}
int main()
{
DWORD ProcessCount;
DWORD cbNeeded;
DWORD ProcessId[1024];
EnumProcesses(ProcessId,sizeof(ProcessId),&cbNeeded);
ProcessCount = cbNeeded/sizeof(DWORD);
HMODULE hModule;
char szPath[MAX_PATH];
for(DWORD i = 0; i < ProcessCount; i ++)
{
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,FALSE,ProcessId[i]);
if(hProcess)
{
EnumProcessModules(hProcess,&hModule,sizeof(hModule),&cbNeeded);
GetModuleFileNameEx(hProcess,hModule,szPath,sizeof(szPath));
printf("PID:%d \t%s\n",ProcessId[i],szPath);
}
else
continue;
}
return 0;
}
bool DetectChrome(ChromeInfo* pPrevInfo, const TCHAR* tcChromeImageName, bool bRetry = false) {
if(pPrevInfo && pPrevInfo->bValid) {
pPrevInfo->bValid = MatcProcessImageName(pPrevInfo->dwProcId, tcChromeImageName, true);
if(!(!pPrevInfo->bValid && bRetry))
return pPrevInfo->bValid;
}
DWORD runningProcessIds[1024], dwRetCount;
int nProcCount;
if(!EnumProcesses( runningProcessIds, sizeof(runningProcessIds), &dwRetCount )) return false;
nProcCount = dwRetCount/sizeof(DWORD);
for (int i = nProcCount; i > 0; --i ) {
DWORD dwCurrentProcId = runningProcessIds[i];
if(0 != dwCurrentProcId) {
if(MatcProcessImageName(dwCurrentProcId, tcChromeImageName)){
DWORD dwChromePid = dwCurrentProcId;
DWORD dwParent = GetProcessParentPid(dwChromePid);
if(NULL != dwParent && MatcProcessImageName(dwParent, tcChromeImageName, true)){
dwChromePid = dwParent;
}
if (pPrevInfo) {
pPrevInfo->bValid = true;
pPrevInfo->dwProcId = dwChromePid;
}
return true;
}
}
}
return false;
}
/* FIXME */
g_val_t
proc_run_func( void )
{
DWORD aProcesses[MAXPROCESSES], cbNeeded, cProcesses;
unsigned int i, running = 0;
HANDLE hProcess;
BOOL bResult;
g_val_t val;
if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) {
cProcesses = 0;
} else {
cProcesses = cbNeeded / sizeof(DWORD);
}
#if (_WIN32_WINNT >= 0x0501)
/* Only for XP or newer */
for (i = 0; i < cProcesses; i++)
if (aProcesses[i] != 0) {
hProcess = OpenProcess (PROCESS_QUERY_INFORMATION,
FALSE, aProcesses[i]);
if (hProcess != NULL) {
if (IsProcessInJob(hProcess, NULL, &bResult)) {
if (bResult)
running++;
}
CloseHandle(hProcess);
}
}
#endif
val.uint32 = running;
return val;
}
ULONG GetProcessID(LPCSTR TargetProcessName)
{
DWORD nSize = MAX_PATH;
HANDLE hCurrentProcess;
CHAR BaseName[MAX_PATH];
DWORD aProcesses[1024], cbNeeded;
unsigned int i;
if (!EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded))
return FALSE;
// NumberProcesses = nSize = cbNeeded / sizeof(DWORD);
for (i = 0; i <= nSize; i++)
{
if(NULL != (hCurrentProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, aProcesses[i])))
{
GetModuleBaseName(hCurrentProcess, NULL, BaseName, sizeof(BaseName));
if(0 == stricmp(BaseName, TargetProcessName))
{
CloseHandle(hCurrentProcess);
return aProcesses[i];
}
}
CloseHandle(hCurrentProcess);
}
return FALSE;
}
// Determine le nombre de processus du nom de "monProcess" en cours d'éxécution
int test_exist_process(const char* monProcess)
{
int nombreTrouves = 0;
DWORD processes[MAX_TAB], nb_processes;
char process_name[MAX_TAB];
int i;
HANDLE hprocess;
EnumProcesses(processes, sizeof(processes), &nb_processes);
//On teste tous les processus pour voir si leur nom correspond
for(i = 0 ; i < nb_processes / sizeof(DWORD) ; i++)
{
hprocess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processes[i]);
//Prend le nom du processus et le met dans process_name
GetModuleBaseName(hprocess, NULL, process_name, sizeof(process_name));
CloseHandle(hprocess);
if(strcmp(process_name, monProcess) == 0)
{
nombreTrouves++;
}
}
return nombreTrouves;
}
//Open a thread to get the processID and control the process
DWORD WINAPI Thread_1 (LPVOID lpParam)
{
DWORD pProcessIds[1024],cbReturned,cProcesses;
DWORD pProcessIdWanted = 0;
TCHAR sProcessName[MAX_PATH] = TEXT("minesweeper.exe");
unsigned int i;
if(!EnumProcesses(pProcessIds,sizeof(pProcessIds),&cbReturned))
{
return 1;
}
//Number of Processes returned from Enum from Byte to #
cProcesses = cbReturned / sizeof(DWORD);
for(i=0;i<cProcesses;i++)
{
if(pProcessIds[i] != 0)
{
pProcessIdWanted = GetProcessIdByName(pProcessIds[i], sProcessName);
if(pProcessIdWanted != 0) break;
}
}
pProcessIdWanted ? cout<< pProcessIdWanted <<endl : cout<<"Process Not Found" << endl;
GetProcessBaseAddr(pProcessIdWanted);
return 0;
}
int Monitor::EnumProc(DWORD *pArr)
{
DWORD i = 0;
if (!EnumProcesses(pArr, sizeof(pArr), &i))
return -1;
return i / sizeof(DWORD);
}
DWORD find_process( char *pattern )
{
DWORD aProcesses[1024], cbNeeded, cProcesses, mcbNeeded;
unsigned int i;
HMODULE hMods[1024];
HANDLE hProcess;
char szModName[MAX_PATH];
if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) {
deb("failed enumprocesses: %s", strerror(NULL));
return NULL;
}
cProcesses = cbNeeded / sizeof(DWORD);
for ( i = 0; i < cProcesses; i++ ) {
hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, aProcesses[i] );
if (NULL == hProcess || !EnumProcessModules(hProcess, hMods, sizeof(hMods), &mcbNeeded))
continue;
if ( GetModuleFileNameEx( hProcess, hMods[0], szModName, sizeof(szModName))) {
_strlwr(szModName);
if(strstr(szModName, pattern)) {
deb("found %s: %s (0x%08X)\n", pattern, szModName, hMods[0] );
return aProcesses[i];
}
}
CloseHandle( hProcess );
}
return NULL;
}
bool IsExeRunning(char* pName)
{
unsigned long aProcesses[1024], cbNeeded, cProcesses;
if(!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
return false;
unsigned long curPID = GetCurrentProcessId();
cProcesses = cbNeeded / sizeof(unsigned long);
for (unsigned int i = 0; i < cProcesses; i++)
{
if(aProcesses[i] == 0)
continue;
if (aProcesses[i] == curPID)
continue;
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, aProcesses[i]);
if (!hProcess)
continue;
char buffer[50] = {0};
GetModuleBaseName(hProcess, 0, buffer, 50);
CloseHandle(hProcess);
if(strcmp(pName, buffer)==0)
return true;
}
return false;
}
BOOL CSelectProcessDlg::OnInitDialog(void)
{
CDialog::OnInitDialog();
// initialization
DWORD cbNeeded;
EnumProcesses(procs, sizeof(procs), &cbNeeded);
numprocs = cbNeeded / sizeof(DWORD);
HANDLE hProcess;
HMODULE hMod;
wchar_t str[255];
for (int i = 0; i < numprocs; i++)
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, procs[i]);
if (hProcess)
{
if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
{
GetModuleBaseName(hProcess, hMod, str, 255);
m_cmbProcesses.AddString(str);
m_cmbProcesses.SetItemDataPtr(m_cmbProcesses.GetCount() - 1, (void*)&procs[i]);
}
CloseHandle(hProcess);
}
}
return TRUE;
}
HANDLE GetProcessByName(const String &strProcName) {
DWORD aProcesses[1024], cbNeeded, cProcesses;
HANDLE hProcess;
unsigned int i;
if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) {
tcout << "Error reading processes, are our permissions gimped?" << endl;
exit(-1);
}
cProcesses = cbNeeded / sizeof(DWORD);
for (i = 0; i < cProcesses; i++) {
if (aProcesses[i] != 0) {
hProcess = GetProcessByPid(aProcesses[i]);
if (hProcess == NULL)
continue;
String name = GetProcessNameByHandle(hProcess);
if (name == strProcName) {
return hProcess;
}
CloseHandle(hProcess);
}
}
tcout << "Error no process found with name: " << strProcName << endl;
exit(-1);
}
DWORD ProcessWatch::GetProcessID()
{
DWORD bytesReturned;
DWORD processID[MAX_BUF_PATH];
memset(processID, 0, MAX_BUF_PATH);
EnumProcesses(processID, MAX_BUF_PATH, &bytesReturned);
int processCount = bytesReturned/sizeof(DWORD);
ProcessInfo processInfo;
for (int i=0; i<processCount; i++)
{
processInfo.processID = processID[i];
HANDLE hProcess;
HMODULE hModule[MAX_BUF_PATH];
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,false,processID[i]);
if(hProcess)
{
//enum process module info
EnumProcessModules(hProcess, hModule, sizeof(hModule), &bytesReturned);
// get the module path
GetModuleFileNameEx(hProcess, hModule[0], processInfo.processPath, MAX_BUF_PATH);
//_tprintf(TEXT("%s --- %d\n"), processInfo.processPath, processID[i]);
}
m_vecProcessInfo.push_back(processInfo);
}
return processCount;
}
void *CHook::Run() {
char *szProcName="taskmgr.exe";
HANDLE hProcess;
DWORD aProcesses[1024], cbNeeded, cProcesses;
while(true) {
unsigned int i;
char szProcessName[MAX_PATH];
HMODULE hMod;
if(!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) return false;
cProcesses=cbNeeded/sizeof(DWORD);
for(i=0; i<cProcesses; i++) {
strcpy(szProcessName, "unknown");
hProcess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, aProcesses[i]);
if(hProcess) {
if(EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) {
GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName));
if(!stricmp(szProcessName, szProcName)) {
Hook(hProcess);
Sleep(60000);
}
}
CloseHandle(hProcess);
}
}
Sleep(250);
}
return NULL;
}
void Platform::EnumerateProcesses(
bool allUsers, UserId const &uid,
std::function<void(ProcessInfo const &info)> const &cb) {
std::vector<DWORD> processes;
DWORD bytesReturned;
processes.resize(32);
do {
processes.resize(2 * processes.size());
int rc = EnumProcesses(processes.data(), processes.size() * sizeof(DWORD),
&bytesReturned);
if (!rc)
return;
} while (bytesReturned == processes.size() * sizeof(DWORD));
processes.resize(bytesReturned / sizeof(DWORD));
for (auto const &e : processes) {
ProcessInfo info;
if (!GetProcessInfo(e, info))
continue;
cb(info);
}
}
BOOL GetModules(HANDLE hProcess, char* Strings)
{
DWORD processid[1024], needed, processcount, modulecount;
HMODULE hModule[1024];
DWORD cb = 0;
BOOL ret = 1;
char path[MAX_PATH] = "", temp[MAX_PATH], basename[MAX_PATH];
EnumProcesses(processid, sizeof(processid), &needed);
processcount = 1;// needed/sizeof(DWORD);
for (DWORD i = 0; i< processcount; i++) // 列举一下explorer下的模块
{
if (hProcess)
{
EnumProcessModules(hProcess, hModule, sizeof(hModule), &needed);
modulecount = needed / sizeof(DWORD);
//_itoa(processid[i], temp, 10);
for (DWORD j = 0; j < modulecount; j++)
{
GetModuleFileNameEx(hProcess, hModule[j], path, sizeof(path));
GetModuleBaseName(hProcess, hModule[j], basename, sizeof(basename));
GetShortPathName(path, path, 256);
if(!strcmp(basename, Strings))
{
ret = 1;
}
printf("%s\t\t%s\n", basename, path);
}
}
}
return ret;
}
int PROC_NUM(AGENT_REQUEST *request, AGENT_RESULT *result)
{
HANDLE hProcess;
DWORD procList[MAX_PROCESSES], dwSize;
int i, proccount, max_proc_cnt,
proc_ok = 0,
user_ok = 0;
char *procName,
*userName,
baseName[MAX_PATH],
uname[MAX_NAME];
if (2 < request->nparam)
return SYSINFO_RET_FAIL;
procName = get_rparam(request, 0);
userName = get_rparam(request, 1);
if (0 == EnumProcesses(procList, sizeof(DWORD) * MAX_PROCESSES, &dwSize))
return SYSINFO_RET_FAIL;
max_proc_cnt = dwSize / sizeof(DWORD);
proccount = 0;
for (i = 0; i < max_proc_cnt; i++)
{
proc_ok = 0;
user_ok = 0;
if (NULL != (hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, procList[i])))
{
if (NULL != procName && '\0' != *procName)
{
if (SUCCEED == zbx_get_processname(hProcess, baseName))
if (0 == stricmp(baseName, procName))
proc_ok = 1;
}
else
proc_ok = 1;
if (0 != proc_ok && NULL != userName && '\0' != *userName)
{
if (SUCCEED == zbx_get_process_username(hProcess, uname))
if (0 == stricmp(uname, userName))
user_ok = 1;
}
else
user_ok = 1;
if (0 != user_ok && 0 != proc_ok)
proccount++;
CloseHandle(hProcess);
}
}
SET_UI64_RESULT(result, proccount);
return SYSINFO_RET_OK;
}
void CTKLauncherDlg::KillProcess(const char* process)
{
DWORD ids[1000];
HMODULE modules[1000];
DWORD count;
EnumProcesses(ids,sizeof(DWORD)*1000,&count);
count/=(sizeof(DWORD));
HANDLE handle;
for(int i=0;i<(int)count;i++)
{ //for each of the processes
DWORD nmod;
handle=OpenProcess(PROCESS_ALL_ACCESS,FALSE,(DWORD)ids[i]);
EnumProcessModules(handle,modules,sizeof(HMODULE)*1000,&nmod);
nmod/=(sizeof(HMODULE));
if(nmod>0)
{
char name[100];
GetModuleBaseName(handle,modules[0],name,99);
if(stricmp(process,name)==0)
{
TerminateProcess(handle,1);
CloseHandle(handle);
break;
}
}
CloseHandle(handle);
}
}
/* retrieve a handle to lsass.exe */
HANDLE GetLsassHandle() {
DWORD dwProcessList[1024];
DWORD dwProcessListSize;
HANDLE hProcess;
char szProcessName[10];
DWORD dwCount;
/* enumerate all pids on the system */
if (EnumProcesses(dwProcessList, sizeof(dwProcessList), &dwProcessListSize)) {
/* only look in the first 256 process ids for lsass.exe */
if (dwProcessListSize > sizeof(dwProcessList))
dwProcessListSize = sizeof(dwProcessList);
/* iterate through all pids, retrieve the executable name, and match to lsass.exe */
for (dwCount = 0; dwCount < dwProcessListSize; dwCount++) {
if (hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessList[dwCount])) {
if (GetModuleBaseName(hProcess, NULL, szProcessName, sizeof(szProcessName))) {
if (strcmp(szProcessName, "lsass.exe") == 0) {
return hProcess;
}
}
CloseHandle(hProcess);
}
}
}
return 0;
}
// 查找指定名称的进程
BOOL GetProcessByName(TCHAR* pszProcessName)
{
//看看进程是否已存在
DWORD aProcesses[1024], cbNeeded, cProcesses;
if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
return FALSE;
cProcesses = cbNeeded / sizeof(DWORD);
TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");
HANDLE hProcess;
for (unsigned int i = 0; i < cProcesses; i++)
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i]);
if (NULL != hProcess)
{
HMODULE hMod;
DWORD cbNeeded;
if (::EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
{
::GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName) / sizeof(TCHAR));
if (_tcscmp(szProcessName, pszProcessName) == 0)
{
CloseHandle(hProcess);
return TRUE;
}
}
CloseHandle(hProcess);
}
}
return FALSE;
}
/*
* Get current date
*/
QDate mixp_get_current_date(void)
{
const DWORD MAX_PROC = 1024;
DWORD *processes = new DWORD[MAX_PROC];
DWORD bytesReturned = 0;
if(!EnumProcesses(processes, sizeof(DWORD) * MAX_PROC, &bytesReturned))
{
MIXP_DELETE_ARR(processes);
return QDate::currentDate();
}
const DWORD procCount = bytesReturned / sizeof(DWORD);
ULARGE_INTEGER lastStartTime;
memset(&lastStartTime, 0, sizeof(ULARGE_INTEGER));
for(DWORD i = 0; i < procCount; i++)
{
HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, processes[i]);
if(hProc)
{
FILETIME processTime[4];
if(GetProcessTimes(hProc, &processTime[0], &processTime[1], &processTime[2], &processTime[3]))
{
ULARGE_INTEGER timeCreation;
timeCreation.LowPart = processTime[0].dwLowDateTime;
timeCreation.HighPart = processTime[0].dwHighDateTime;
if(timeCreation.QuadPart > lastStartTime.QuadPart)
{
lastStartTime.QuadPart = timeCreation.QuadPart;
}
}
CloseHandle(hProc);
}
}
MIXP_DELETE_ARR(processes);
FILETIME lastStartTime_fileTime;
lastStartTime_fileTime.dwHighDateTime = lastStartTime.HighPart;
lastStartTime_fileTime.dwLowDateTime = lastStartTime.LowPart;
FILETIME lastStartTime_localTime;
if(!FileTimeToLocalFileTime(&lastStartTime_fileTime, &lastStartTime_localTime))
{
memcpy(&lastStartTime_localTime, &lastStartTime_fileTime, sizeof(FILETIME));
}
SYSTEMTIME lastStartTime_system;
if(!FileTimeToSystemTime(&lastStartTime_localTime, &lastStartTime_system))
{
memset(&lastStartTime_system, 0, sizeof(SYSTEMTIME));
lastStartTime_system.wYear = 1970; lastStartTime_system.wMonth = lastStartTime_system.wDay = 1;
}
const QDate currentDate = QDate::currentDate();
const QDate processDate = QDate(lastStartTime_system.wYear, lastStartTime_system.wMonth, lastStartTime_system.wDay);
return (currentDate >= processDate) ? currentDate : processDate;
}
BOOL stopProgram(const TCHAR *name)
{
char szProcessName[MAX_PATH] = "unknown";
// Get the list of process identifiers.
DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i = 0;
if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
return FALSE;
// Calculate how many process identifiers were returned.
cProcesses = cbNeeded / sizeof(DWORD);
// Print the name and process identifier for each process.
for ( i = 0; i < cProcesses; i++ )
{
if( aProcesses[i] != 0 )
{
//
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE,
FALSE, aProcesses[i]);
//
if ( NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;
if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
{
GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName));
}
else
{
continue;
}
}
else
{
continue;
}
if (lstrcmpi(name, szProcessName) == 0)
{
::TerminateProcess(hProcess,0);
}
else
{
::CloseHandle(hProcess);
}
}
}
return FALSE;
}
void CProcessWatchThread::UnLoadLibrary()
{
DWORD aProcessIds[2048] = {0};
DWORD dwProcessCount = 0;
DWORD hDll = 0, dwWritten = 0;
LPVOID lpFun = NULL;
LPVOID lpBuf = NULL;
HANDLE tThread = NULL;
DWORD dwSize = lstrlen(strDLL) * sizeof(TCHAR) + sizeof(TCHAR);
if (EnumProcesses(aProcessIds, 2048, &dwProcessCount))
{
for (DWORD i = 0; i < dwProcessCount; ++i)
{
HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | SYNCHRONIZE, FALSE, aProcessIds[i]);
if (hProcess)
{
TCHAR cExeName[MAX_PATH] = {0};
if (GetModuleBaseName(hProcess, NULL, cExeName, MAX_PATH))
if (_tcsicmp(cExeName, strEXE) == 0)
{
do
{
lpBuf = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hProcess, lpBuf, (LPVOID)strDLL.GetBuffer(strDLL.GetLength()), dwSize, &dwWritten);
if( sizeof(TCHAR) == 2 )
lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "GetModuleHandleW" );
else
lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "GetModuleHandleA" );
tThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFun, lpBuf, 0, 0);
if (tThread)
{
WaitForSingleObject(tThread, INFINITE);
GetExitCodeThread(tThread, &hDll);
VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT);
CloseHandle(tThread);
if( ! hDll ) { CloseHandle(hProcess); return; }
lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "FreeLibraryAndExitThread" );
if (lpFun)
{
tThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFun, (LPVOID)hDll, 0, NULL);
if (tThread)
{
WaitForSingleObject(tThread, INFINITE);
CloseHandle(tThread);
}
}
}
} while(hDll);
}
CloseHandle(hProcess);
}
}
}
}
